Re: Proposed Up/Down protocol description

To: Robert Kisteleki <robert@ripe.net>
Subject: Re: Proposed Up/Down protocol description
From: Robert Loomans <robertl@apnic.net>
Date: Wed, 23 May 2007 21:02:49 +1000
Cc: Geoff Huston <gih@apnic.net>, Resource Cert List <rescert@apnic.net>
In-reply-to: <4654134B.50908@ripe.net>
Openpgp: id=C6B3AE7E; url=http://robert.loomans.org/0xC6B3AE7E.asc
Organization: APNIC - http://www.apnic.net/
References: <7.0.0.16.2.20070516122258.07116810@apnic.net> <20070517225346.BA1DA22826@thrintun.hactrn.net> <7.0.0.16.2.20070518165228.014415b8@apnic.net> <20070518175247.9CCFF22826@thrintun.hactrn.net> <AC9A3E81-D0BB-4B18-8C40-015875E46084@apnic.net> <4651AABA.9020804@psg.com> <7.0.0.16.2.20070522114938.029556a0@apnic.net> <4654134B.50908@ripe.net>
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.9) Gecko/20061207 Thunderbird/1.5.0.9 Mnenhy/0.7.4.666

>>     <?xml version="1.0" encoding="UTF-8"?>
> 
> Is there a real reason why we're using UTF instead of something simpler?
> While browsing through the messages, I could find no attributes that
> really needed UTF (unless a sender/recipient will be spelled with Kanji
> or something).

a) It's the default encoding for XML.
b) It is a common convention in XML to use UTF-8 unless you have very
good reason not to.


>> This command directs the IR to immediately mark all issued valid 
>> certificates issued by this IR within the named Resource Class with
>> this ISP's SKI value to be marked as revoked, causing the issued 
>> certificates to be withdrawn from the publication respository and
>> to be listed in the IR's subsequent CRLs within this Resource
>> Class.
> 
> I'd rather reverse this and say: "... causing the issued certificates to
> be listed in the IR's subsequent CRLs and potentially to be withdrawn
> from the publication repository.". This is again because the CRL is THE
> authoritative source of revocation, not the non-existence in a repository.

I think that the assumption was that you wouldn't issue the CRL right
away.... It would wait until the next scheduled cycle.

On the other hand, I agree that there doesn't appear to be much point in
removing the certs from the repository if the CRL is not updated.

Rob

-- 
Robert Loomans                                 Email:  robertl@apnic.net
Programmer/Analyst, APNIC                      Phone:    +61 7 3858 3100
http://www.apnic.net                             Fax:    +61 7 3858 3199

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Proposed Up/Down protocol description
  - From: Robert Kisteleki <robert@ripe.net>

References:
- Proposed Up/Down protocol description
  - From: Geoff Huston <gih@apnic.net>
- Re: Proposed Up/Down protocol description
  - From: Rob Austein <sra@hactrn.net>
- Re: Proposed Up/Down protocol description
  - From: Geoff Huston <gih@apnic.net>
- Re: Proposed Up/Down protocol description
  - From: Rob Austein <sra@hactrn.net>
- Re: Proposed Up/Down protocol description
  - From: Byron Ellacott <bje@apnic.net>
- Re: Proposed Up/Down protocol description
  - From: Randy Bush <randy@psg.com>
- Re: Proposed Up/Down protocol description
  - From: Geoff Huston <gih@apnic.net>
- Re: Proposed Up/Down protocol description
  - From: Robert Kisteleki <robert@ripe.net>

Prev by Date: Re: Proposed Up/Down protocol description
Next by Date: Re: Proposed Up/Down protocol description
Previous by thread: Re: Proposed Up/Down protocol description
Next by thread: Re: Proposed Up/Down protocol description
Index(es):
- Date
- Thread