Danny:

> I'm kinda surprised the security ADs are OK with this in a brand new
> connection-oriented protocol meant to increase security of the network:
>
> S.7:
>
> "Caches and routers MUST implement unprotected transport
> over TCP using a port, rpki-rtr, to be assigned, see Section 12.
> Operators SHOULD use procedural means, ACLs, ... to reduce
> the exposure to authentication issues."
>
> -danny

Since all of the objects that are transferred over this protocol are digitally signed, I do not see a security issue. I think the Security Considerations section (Section 11) does a good job explaining the situation.

Russ