At 10:32 AM -0400 5/4/11, Sam Hartman wrote:
Let me see if I can summarize where we are:
You've described an upgrade strategy for the origin validation in the
current set of docs. It depends on the ability to store multiple certs,
ROAs and other objects in the repository.
requirements that already exist to accommodate key rollover and alg
transition for the RPKI. We have a SIDR doc describing both key
You agree that when SIDR looks at using RPKI objects in the newly
adopted work it will need some upgrade strategy for format, keys and
algorithms. There are probably a number of options for how to
accomplish this. Even if the working group did decide to update
processing of RPKI objects at that point, requiring new behavior from
parties implementing a new protocol would be possible.
I find your last sentence above confusing. I would say that the
BGPSEC protocol will have to define how it deals with alg changes for
the signed objects it defines, with key changes for RPKI certs, with
alg changes for all RPKI objects, and with format changes for RPKI
objects and for its own objects.