author Rob Austein <sra@hactrn.net> 2008-02-19 20:30:48 +0000
committer Rob Austein <sra@hactrn.net> 2008-02-19 20:30:48 +0000
commit fda477b682e7c58f601726d8b422532c2e1fde4e
tree a9ed9f2804aedefa9b50f8bc998b80691a8f2b0e
parent 02607d2272cb3ca6fb1809f9c828ff27477ddf0e
rcynic trust anchor note
svn path=/scripts/README; revision=1515
-rw-r--r-- scripts/README 13
1 files changed, 13 insertions, 0 deletions
diff --git a/scripts/README b/scripts/README
index 04435deb..07514a24 100644
--- a/scripts/README
+++ b/scripts/README
@@ -203,6 +203,19 @@ TO DO:
[Not started]
+- rcynic handling of RPKI trust anchors probably needs updating.
+ Discussions over last N months of how RPKI trust anchors work, how
+ we package them, and how we roll them over. Last I recall (need to
+ check email archives) APNIC had proposed a relatively simple format
+ (CMS signed PEM-encoded X.509 object set, or something like that).
+ Need to do analysis to make sure this is adaquate for our needs, if
+ so just use it. This would involve minor changes to rcynic.
+
+ Alternatively, this could be a separate program to keep this grot
+ out of rcynic itself, but that's probably a usability nightmare.
+
+ [Not started]
+
Things implemented but not yet tested:
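Review bot: In the added TO DO item, "adaquate" in "Need to do analysis to make sure this is adaquate for our needs" should be "adequate". The item also rests on recollection ("Last I recall (need to check email archives)", "or something like that") and an unfilled "last N months"; once the APNIC proposal is located, replace those phrases with a pointer to it so whoever picks this up knows exactly which trust anchor format to analyze. It would also help to say what decides between the two options, since the second paragraph only notes that a separate program is "probably a usability nightmare" without stating what the analysis needs to show for the "minor changes to rcynic" route to go ahead.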