author Rob Austein <sra@hactrn.net> 2008-05-19 20:14:18 +0000
committer Rob Austein <sra@hactrn.net> 2008-05-19 20:14:18 +0000
commit 8ba1be0fc4f98ec1b83152d2f9dffe39be118121
tree 9a4d3462444b167221f8a9d10376aa213128853b
parent 0ab6d7ee658b6f64f89bc0046784c73f1da70c64
Update RPKI TA notes
svn path=/rpkid/README; revision=1803
-rw-r--r-- rpkid/README 14
1 files changed, 11 insertions, 3 deletions
diff --git a/rpkid/README b/rpkid/README
index bcdcf7f7..308a6228 100644
--- a/rpkid/README
+++ b/rpkid/README
@@ -54,9 +54,17 @@ TO DO:
APNIC is now proposing a CMS-signed ASN.1 blob containing a
version number and an RPKI certificate. Kent and Housley have
- not bought into this yet. Need to do analysis to make sure
- this is adequate for our needs, if so just use it. This would
- involve minor changes to rcynic.
+ not bought into this yet.
+
+ RIPE is proposing that trust anchors just be a URL and a
+ public key, which one would use by fetching a self-signed RPKI
+ cert from the URL and comparing the public key.
+
+ If everybody homes under IANA, none of this is necessary and
+ what rcynic already does should suffice.
+
+ Need to pick something and go with it. All but "home under
+ IANA" would require minor changes to rcynic.
PRIORITY: Required for pilot (usability issue for relying parties)
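Review bot: In the added RIPE paragraph, "comparing the public key" does not say what the key in the fetched self-signed cert is compared against, or what a relying party should do when the comparison fails. Suggest stating that the key from the fetched cert is compared to the public key configured alongside the URL, and that a mismatch means the cert is not used as a trust anchor. Separately, the removed lines held the only note about analysing whether a proposal "is adequate for our needs"; the replacement "Need to pick something and go with it" would be easier to act on if it kept that adequacy check as the selection criterion for all three options.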