At 10:32 AM -0400 5/4/11, Sam Hartman wrote:
>... Let me see if I can summarize where we are: You've describe an upgrade strategey for the origin validation in the current set of docs. It depends on the ability to store multiple certs, ROAs and other objects in the repository.
requirements that already exist to accommodate key rollover and alg transition for the RPKI. We have a SIDR doc describing both key rollover,
You agree that when SIDR looks at using RPKI objects in the newly adopted work it will need some upgrade strategy for format, keys and algorithms. There are probably a number of options for how to accomplish this. Even if the working group did decide to update processing of RPKI objects at that point, requiring new behavior from parties implementing a new protocol would be possible.
I find your last sentence above confusing. I would say that the BGPSEC protocol will have to define how it deals with alg changes for the signed objects it defines, with key changes for RPKI certs, with alg changes for all RPKI objects, and with format changes for RPKI objects and for its own objects.
Steve _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf