On Thu, 5 Oct 2006 13:34:52 +0200, Iljitsch van Beijnum
<iljitsch(_at_)muada(_dot_)com> wrote:
On 4-okt-2006, at 16:30, Steven M. Bellovin wrote:
Having read the draft, I do have similar concerns with "double-ended"
operations. The draft mentions that the new key should only be used
when it's "at a point where it is reasonably certain that the other
side would have it installed, too". This is not very exact language,
and I wonder how implementations would handle this.
My intention, actually, was that operators would do that. "Attention
customers: we will be installing the 2007 BGP key on January 15. Please
install the new key on your end before then." -- and then you actually do
your end on Jan 20 or thereabouts.
My perspective:
...
I don't know that I agree with the details of your scenario, but that's
irrelevant to my larger point: it isn't the implementation that decides,
it's people.
I also agree that it's better that everything be completely automated. As
the I-D says, this is advice on an interim solution until we can engineer
and deploy something better.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb