Re: [sidr] Last Call: <draft-ietf-sidr-rpsl-sig-10.txt> (Securing RPSL Objects with RPKI Signatures) to Proposed Standard

2016-05-11 11:57:22
Hi Randy,

On 5/11/16 12:42 PM, Randy Bush wrote:
>> I would propose adding some text to this draft (probably as a
>> sub-section in section 2) that says that the SIA defined in RFC 6487 is
>> omitted when a certificate is used to sign RPSL objects.
>
> perhaps you might also include your reasoning for this seemingly odd
> choice.

The SIA in 6487 mandates an rsync URI that points to the object that is
signed with the certificate. I am not aware of any RPSL servers that
support referencing an RPSL object via rsync.

>> I agree that the original text allowing multiple signatures supports
>> the case where the components of the primary key of the object (i.e.,
>> prefix+ASN) come from different resource holders. I will restore that
>> text.
>
> this is gonna be really simple; no complications at all i am sure.
>
> btw, was this a consensus of the wg?

The original draft supported multiple signature attributes. During WG
review (WGLC?, don't recall), several people suggested simplifying the
approach by only allowing one signature attribute. Given the route[6]
example, we need multiple signatures modulo the proposed text to clarify
the handling/generation of those signatures.

Regards,
Brian
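The SIA point above can be checked mechanically. The following is an added example, not code from the draft or from this thread: it inspects a certificate for the RFC 6487 SIA extension (id-pe-subjectInfoAccess) and reports any rsync URIs it carries, so a validator can tell a cert that follows the proposed "SIA omitted" profile from one that does not. It assumes the `cryptography` library is installed; the test certificate it builds is constructed for illustration only.

```python
"""Check whether an X.509 certificate carries the RFC 6487 SIA extension."""
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec

SIA_OID = x509.ObjectIdentifier("1.3.6.1.5.5.7.1.11")               # id-pe-subjectInfoAccess
ID_AD_SIGNED_OBJECT = x509.ObjectIdentifier("1.3.6.1.5.5.7.48.11")  # id-ad-signedObject (RFC 6487)


def sia_rsync_uris(cert):
    """Return the rsync URIs in the cert's SIA, or None when SIA is absent."""
    try:
        ext = cert.extensions.get_extension_for_oid(SIA_OID)
    except x509.ExtensionNotFound:
        return None
    uris = []
    for access in ext.value:  # SubjectInformationAccess iterates AccessDescriptions
        loc = access.access_location
        if isinstance(loc, x509.UniformResourceIdentifier) and loc.value.startswith("rsync://"):
            uris.append(loc.value)
    return uris


def fits_rpsl_signing_profile(cert):
    """True when the certificate omits SIA entirely, as proposed for RPSL-signing certs."""
    return sia_rsync_uris(cert) is None


def make_test_cert(with_sia):
    """Build a self-signed test certificate (constructed data, not a real RPKI cert)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(x509.NameOID.COMMON_NAME, "constructed-test")])
    start = datetime.datetime(2016, 5, 11, tzinfo=datetime.timezone.utc)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(key.public_key()).serial_number(1)
               .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=1)))
    if with_sia:
        # An RFC 6487-style SIA pointing at the signed object via rsync.
        builder = builder.add_extension(x509.SubjectInformationAccess([
            x509.AccessDescription(ID_AD_SIGNED_OBJECT,
                                   x509.UniformResourceIdentifier("rsync://example.invalid/repo/object.sig"))]),
            critical=False)
    return builder.sign(key, hashes.SHA256())
```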
