diff options
| author | Rob Austein <sra@hactrn.net> | 2007-03-20 22:08:24 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2007-03-20 22:08:24 +0000 |
| commit | 492e56202959a1d2a23decc5c378cb4a89e494bc (patch) | |
| tree | bcb40713a06ca197f7bf767edebb28c16f72f744 | |
| parent | e969a7c5c541faaa35e2b2b7c0a237cac6e00b40 (diff) | |
Record current issues.
svn path=/scripts/regeng-api; revision=518
| -rw-r--r-- | scripts/regeng-api | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/scripts/regeng-api b/scripts/regeng-api index dbec3327..d1030a89 100644 --- a/scripts/regeng-api +++ b/scripts/regeng-api @@ -12,6 +12,26 @@ ;;; ;;; - RE: RPKI Engine +;;; Current problems: +;;; +;;; Model below is still wrong, although converging on the right +;;; thing. Children should not be bound within CAs, and CA's can't be +;;; created until we poll parent to find out what to create; CAs need +;;; to be created on the fly. Children should be business +;;; relationships, not per-CA things. parent operations should be per +;;; customer not per ca. +;;; +;;; Need revoke and rekey operations. +;;; +;;; And, er, how do things like publication URIs (which also go into +;;; some of the X.509 extensions in the resource certs) get into the +;;; RE anyway? This is close to being the same question as how do we +;;; configure the publication point, as the data are largely the same. +;;; Part of the problem is that, if we create CAs on the fly in +;;; response to what we learn from our parent, how do we map that to +;;; any kind of preconfigured data on where we should publish? This +;;; is a mess. + ;;; Protocol operations between RE and signing engine. This assumes @@ -200,6 +220,7 @@ => (biz-signing-context) (please-run-this-cust-id-now :cust-id 42) +=> () |