On Dec 21, 2011, at 11:55 AM, Russ Housley wrote:
Stephane:
Sorry, I was too terse in my response. Let me try again.
All of the inputs to the server are signed, so there is no concern about
theses objects being modified.
Once process by the server, a protocol that provides authentication and
integrity protection is used between the server and router. From the Table
of Contents, the choices are clear:
7.1. SSH Transport
7.2. TLS Transport
7.3. TCP MD5 Transport
7.4. TCP-AO Transport
I would personally prefer that the TCP MD5 choice not be used, but the model
is clear.
This approach lets the server handle that certificate path construction,
signature checking, and revocation checking. It seems desirable to offload
these potentially expensive operations, while preserving the integrity of the
subset of the information actually needed by the router.
Right, so precisely back to my original concern:
"Caches and routers MUST implement unprotected transport
over TCP using a port, rpki-rtr, to be assigned, see Section 12.
Operators SHOULD use procedural means, ACLs, ... to reduce
the exposure to authentication issues."
-danny
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf