tim bray wanted 6480 pushed harder

2022-03-10 12:45:11 -08:00 · 2022-03-10 12:45:11 -08:00 · 74d2ca709b
commit 74d2ca709b
parent 11a782f66b
1 changed files with 11 additions and 7 deletions
--- a/draft-ietf-sidrops-rpki-has-no-identity.xml
+++ b/draft-ietf-sidrops-rpki-has-no-identity.xml
@ -130,11 +130,15 @@
    services.  They claim to be authoritative, at least for the INRs
    which they allocate.</t>
    
-    <t>RPKI-based credentials of INRs MUST NOT be used to authenticate
-    real-world documents or transactions without some formal external
-    authentication of the INR and the authority for the actually
-    anonymous INR holder to authenticate the particular document or
-    transaction.</t>
+    <t>PKI operations MUST NOT be performed with RPKI certificates other
+    than exactly as described, and for the purposes described, in <xref
+    target="RFC6480"/>.</t>
+
+    <t>I.e., RPKI-based credentials of INRs MUST NOT be used to
+    authenticate real-world documents or transactions without some
+    formal external authentication of the INR and the authority for the
+    actually anonymous INR holder to authenticate the particular
+    document or transaction.</t>

    <t>Given sufficient external, i.e. non-RPKI, verification of
    authority, the use of RPKI-based credentials seems superfluous.</t>
@ -231,13 +235,13 @@
    <t>Control of INRs for an entity could be used to falsely authorize
    transactions or documents for which the INR manager has no
    authority.</t>
-
+<!--
    <t>RPKI-based credentials of INRs MUST NOT be used to authenticate
    real-world documents or transactions without some formal external
    authentication of the INR and the authority for the actually
    anonymous INR holder to authenticate the particular document or
    transaction.</t>
-
+-->
    </section>

  <section anchor="iana" title="IANA Considerations">