Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/regeng-api | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/scripts/regeng-api b/scripts/regeng-api index d1030a89..d2db9929 100644 --- a/scripts/regeng-api +++ b/scripts/regeng-api @@ -13,16 +13,16 @@ ;;; - RE: RPKI Engine ;;; Current problems: -;;; + ;;; Model below is still wrong, although converging on the right ;;; thing. Children should not be bound within CAs, and CA's can't be ;;; created until we poll parent to find out what to create; CAs need ;;; to be created on the fly. Children should be business ;;; relationships, not per-CA things. parent operations should be per ;;; customer not per ca. -;;; + ;;; Need revoke and rekey operations. -;;; + ;;; And, er, how do things like publication URIs (which also go into ;;; some of the X.509 extensions in the resource certs) get into the ;;; RE anyway? This is close to being the same question as how do we @@ -31,6 +31,13 @@ ;;; response to what we learn from our parent, how do we map that to ;;; any kind of preconfigured data on where we should publish? This ;;; is a mess. +;;; +;;; Might it help to have per-parent config for this, since we have to +;;; config parents anyway? That'd give us the head of the publication +;;; URI, leaving us to figure out just the tail. Could gensym name +;;; tail for dynamically created CAs, could take name tail from chat +;;; with parent (risky? evil parent gives us dangerous name?), could +;;; take name tail from local config but it's hard to see how. |
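Review bot: In the first hunk (@@ -13,16 +13,16 @@), the three ";;;" separator lines inside the "Current problems" block are replaced by blank lines, but the second hunk introduces its new paragraph with a ";;;" separator line, so the block ends up with two separator styles. Pick one: keep ";;;" between paragraphs throughout, or use a blank line before the "Might it help" paragraph as well.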
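Review bot: In the paragraph added by the second hunk (@@ -31,6 +31,13 @@), the option of taking the name tail from the chat with the parent is flagged only as "(risky? evil parent gives us dangerous name?)" and then left open, even though the context lines just above note that publication URIs also go into some of the X.509 extensions in the resource certs. Suggest recording the constraint in the comment itself: a parent-supplied tail is untrusted input and has to be validated (for example, restricted to a safe character set with no path separators) before it is appended to the per-parent head, or state that the gensym option is the default until that validation is defined. "Could gensym name tail" would also read more clearly as "could generate (gensym) the name tail".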