With credentials. Surely if you own the prefix, then you have power over those with credentials and the ability to remove all ROAs for it that point to as 42.
Thanks, Jakob. > -----Original Message----- > From: Randy Bush [mailto:[email protected]] > Sent: Friday, January 13, 2017 7:08 PM > To: Jakob Heitz (jheitz) <[email protected]> > Cc: Christopher Morrow <[email protected]>; Marco Marzetti > <[email protected]>; [email protected]; GMO > Crops <[email protected]>; Job Snijders <[email protected]> > Subject: Re: [Sidrops] [GROW] I-D Action: > draft-ietf-sidrops-route-server-rpki-light-00.txt > > > If you need to protect a prefix that you don't advertise then put ASN > > 0 into the ROA for it. Then nobody can advertise it. > > not exactly. someone (with credentials) can issue a roa for the same > prefix to as 42, and it will validate the origination. there can be > many roas which match a single announcement; all it takes is one to be > valid. > > randy _______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
