could I suggest that: "A" ... is a bit rough on the reader in sentences like: "A wants to re-route traffic from these organizations..."
A what? a giraffe? oh! Entity-A (or Network-A).. maybe change 'A' to 'Entity-A' or 'Network-A' ? Also there's a sad choice of time to use a pronoun in your example: "Organization A is authorized to control the routing of traffic from a set of organizations (within A's administrative control) to the rest of the Internet. A wants to re-route traffic from these organizations that is destined for a set of systems outside of A's administrative control to a set of systems under its control, or to have that traffic dropped." What is 'its' there? Org-A? his customers? the systems? generally it would be better to be clear and not use pronouns. On Wed, Apr 8, 2015 at 9:34 PM, Declan Ma <m...@zdns.cn> wrote: > Karen, > > This is indeed a better description. > > And I believe it would be even better if Randy could describe how a "local > trust anchor” takes effect on different cases. > > > Declan Ma > > ZDNS Ltd. > > > >> 在 2015年4月4日,上午2:18,Karen Seo <k...@bbn.com> 写道: >> >> Folks, >> >> Here's a better description of Case 3. (Thanks go to David Mandelberg for >> catching the problems with the previous version.) >> Case 3: >> Organization A is authorized to control the routing of traffic from a set of >> organizations (within A's administrative control) to the rest of the >> Internet. A wants to re-route traffic from these organizations that is >> destined for a set of systems outside of A's administrative control to a set >> of systems under its control, or to have that traffic dropped. A >> accomplishes this by controlling the UPDATES (for the routes to the >> addresses for those systems) that are sent to those organizations. If these >> organizations use the RPKI, A needs a way to ensure the information they >> obtain from the RPKI supports A’s traffic management goals. >> >> For example, Alice runs the network operations for a large consortium C that >> operates AS Y. Her management requests that traffic from C's members that is >> destined for a competitor's server at address Q in AS X, be re-directed to >> one of C's servers in AS Y. To do this, Alice assigns address Q to a server >> in AS Y and has AS Y originate routes for address Q. Alice has to ensure >> that the RPKI has the appropriate certificates, ROAs, etc. for these >> approved routes, as well as for the rest of the Internet. >> Karen >> >> On 3/10/15 1:38 AM, Karen Seo wrote: >>> Randy et al., >>> >>> In hopes of restarting work on this draft, here is proposed text for >>> section 4. This is an attempt to integrate the original text with the >>> comments to the list submitted back in Feb 2014. My apologies if I've >>> mis-understood the original draft text or the comments. Does this >>> correctly and clearly describe the use cases? >>> >>> 4. Use Cases >>> >>> Case 1: >>> Organization C finds that its CA certificate has been revoked (or modified >>> to remove resources) by the RIR (or ISP) that issued it. Or, if C has >>> outsourced its CA operations, C finds that one of its children's >>> certificates has been revoked (or modified to remove resources). C >>> disagrees with this action and would like relying parties to be able to >>> ignore, at their discretion, the certificate revocation (or modification). >>> The revocation or modification could be: >>> • unintentional, i.e., due to an error by RIR (or ISP) staff >>> • malicious, i.e., done with the intent to cause problems, which could >>> be aimed at C or some other entity. >>> • mandated by a law enforcement agency in the jurisdiction where the >>> RIR (or ISP) operates >>> For example, Carol, a RIPE resource holder (LIR, PI holder, ...), is a >>> victim of the "Dutch Court Attack." Someone has convinced a Dutch court to >>> force the RIPE/NCC to remove or modify some or all of Carol's certificates, >>> ROAs, etc. or the resources they represent. However, the operational >>> community wants to retain the ability to route to Carol's network(s). >>> >>> Case 2: >>> Organization B makes use of private address space (RFC 1918) or address >>> space allocated to another party but not globally announced by that party >>> or by B. B wants its routers to be able to use RPKI data for both internal >>> routing to these addresses and for global routing. >>> >>> Case 3: >>> Organization A is authorized to control the routing of traffic from a set >>> of organizations (within A's administrative control) to the rest of the >>> Internet. A wants traffic from these organizations that is destined for a >>> set of prefixes outside of A's administrative control to be routed to other >>> addresses, or to be dropped. A accomplishes this by controlling the UPDATEs >>> sent to those organizations. Because these organizations use the RPKI, A >>> needs a way to coordinate their use of the RPKI in support of A’s traffic >>> management goals. >>> >>> For example, Alice runs the network operations for a large consortium X. >>> Her management requests that traffic (from X's members) that is destined >>> for a competitor's site, be re-directed to a site approved by X. To do >>> this, Alice has to ensure that the RPKI has the appropriate certificates, >>> ROAs, etc. for those approved addresses as well as for the rest of the >>> Internet. >>> Thank you, >>> Karen >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> sidr mailing list >>> >>> sidr@ietf.org >>> https://www.ietf.org/mailman/listinfo/sidr >> >> _______________________________________________ >> sidr mailing list >> sidr@ietf.org >> https://www.ietf.org/mailman/listinfo/sidr > > _______________________________________________ > sidr mailing list > sidr@ietf.org > https://www.ietf.org/mailman/listinfo/sidr _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
