Danny:
I'm kinda surprised the security ADs are OK with this in a brand new
connection-oriented protocol meant to increase security of the network:
S.7:
"Caches and routers MUST implement unprotected transport
over TCP using a port, rpki-rtr, to be assigned, see Section 12.
Operators SHOULD use procedural means, ACLs, ... to reduce
the exposure to authentication issues."
-danny
Since all of the objects that are transferred over this protocol are digitally
signed, I do not see a security issue. I think the Security Considerations
section (Section 11) does a good job explaining the situation.
Russ