Re: Proposed Agenda items of Tallinn meeting



At Fri, 27 Apr 2007 08:14:23 +1000, Geoff Huston wrote:
> 
> In thinking about this some more, the question is "is there any
> _forced_ reason why the SIA needs to be unique across all CAs?" I
> cannot think of such a reason - maybe RobK and/or RobA can, however.

Assuming (per Russ) that we're talking about absolute (not relative)
URIs (ie, "rsync://host/wombat" rather than "/wombat"), the reason is
simple.

When doing a top-down walk of the distributed repository, rcynic
examines any particular SIA collection for a specific reason: it's
there because some cert said "this is where to find stuff I publish".
rcynic therefore expects anything in that collection to be signed by
the private key corresponding to that cert.  If it finds anything
else, it throws it away.  This is basic to the validation model.

So if you have multiple certs pointing at the same directory, rcynic
is going to have to process the contents of that directory multiple
times, which is a waste of effort.  Probably not a huge waste of
effort except in pathological cases, but remember that every relying
party in the system is running rcynic periodically, so multiply that
small hit by the number of relying parties, then remember that every
relying party is doing this daily (or perhaps hourly).  It adds up.

If this CPU time were being spent on something useful, I'd call it a
cost of doing business, but in this case it's just being wasted by a
gratuitously bad repository design, so it's antisocial behavior that
should be forbidden (or at least discouraged) for the common good.

I thought we'd been through this particular discussion at some length
about eight months ago, but perhaps memories have faded.
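
An added illustration, not part of the original message and not rcynic's own code: a small Python model of the top-down walk described above, counting signature checks when each CA has its own SIA directory versus when all CAs share one. HMAC stands in for certificate signatures, and the repository layout, URIs and key names are constructed for the sketch.

```python
import hmac, hashlib
from collections import defaultdict

def sign(key: bytes, payload: bytes) -> bytes:
    # Assumption: HMAC as a dependency-free stand-in for a real signature.
    return hmac.new(key, payload, hashlib.sha256).digest()

class Repo:
    """Constructed in-memory repository: SIA URI -> published objects."""
    def __init__(self):
        self.dirs = defaultdict(list)

    def publish(self, uri, issuer_key, payload, child=None):
        # child = (key, sia_uri) when the published object is a CA certificate
        self.dirs[uri].append((payload, sign(issuer_key, payload), child))

def walk(repo, ta_key, ta_sia):
    """Top-down walk: each SIA collection is checked against the key of the
    cert that pointed at it; anything not signed by that key is discarded."""
    checks, accepted = 0, []
    todo = [(ta_key, ta_sia)]
    while todo:
        key, sia = todo.pop()
        for payload, sig, child in repo.dirs[sia]:
            checks += 1
            if not hmac.compare_digest(sig, sign(key, payload)):
                continue  # signed by some other cert's key: throw it away
            accepted.append(payload)
            if child:
                todo.append(child)
    return checks, sorted(accepted)

def build(n_cas, n_objs, shared):
    repo, ta_key, ta_sia = Repo(), b"ta-key", "rsync://host/ta/"
    for i in range(n_cas):
        key = b"ca-key-%d" % i
        sia = "rsync://host/shared/" if shared else "rsync://host/ca%d/" % i
        repo.publish(ta_sia, ta_key, b"cert-ca%d" % i, child=(key, sia))
        for j in range(n_objs):
            repo.publish(sia, key, b"ca%d-obj%d" % (i, j))
    return repo, ta_key, ta_sia

def compare(n_cas=10, n_objs=20):
    """Return ((checks, accepted), (checks, accepted)) for unique vs shared SIAs."""
    return (walk(*build(n_cas, n_objs, shared=False)),
            walk(*build(n_cas, n_objs, shared=True)))

if __name__ == "__main__":
    (u_checks, u_ok), (s_checks, s_ok) = compare()
    print("unique SIAs:", u_checks, "checks,", len(u_ok), "objects accepted")
    print("shared SIA: ", s_checks, "checks,", len(s_ok), "objects accepted")
```

Both layouts accept the same set of objects; in this model the shared directory only multiplies the per-walk verification work by the number of CAs pointing at it.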