On Wed, May 23, 2018 at 04:22:06PM -0400, Christopher Morrow wrote:
> <lurk mode=off>
> 
> On Wed, May 23, 2018 at 3:33 PM Job Snijders <[email protected]> wrote:
> 
> > The signing AS is saying they created (and named) the list. This
> > helps resolve various issues, such as "does AS-STEALTH belong to
> > AS41847 or to AS8002"?
>
> wait, they signed this data and put it in their RPKI publication point
> (for instance - forget that there is no RPKI object type for this), so
> they 'claimed':
>   as-set:     AS-STEALTH
> 
> from which IRR? Or did you mean that they may sign something like:
>   as-set:     AS-STEALTH@radb
> 
> but did not sign:
>   as-set:         AS-STEALTH@RIPE
> 
> Else we still have confusion, because the MAINT-AS8002 may be upset when I
> only accept AS-SET content from STEALTH-NET-MNT :(
> 
> -chris
> (who hopes to one day have better answers for this than: "err, ask the
> customer / peer which irr they use?")

You are now describing issues of the IRR; I merely used this example to
illustrate the problem. With AS Cones we can do better. We can structure
the naming convention for this type of object.

For instance, for an AS Cone named "AS15562:AS-SNIJDERS" - we can
structure it in such a way that only the CA Holder of the cert related
to AS 15562 can sign "AS15562:AS-SNIJDERS". Earlier in the thread I used
the term 'namespace'.

Kind regards,

Job

_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow
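
The namespace rule described in the message above can be sketched as a check on the name alone. This is an added example, not part of the original thread and not taken from any AS Cones specification. The "AS<asn>:<label>" grammar is inferred from the "AS15562:AS-SNIJDERS" example, and the list of (low, high) ranges is a hypothetical stand-in for the AS resources on the signer's certificate.

```python
import re

# Assumed name shape, inferred from "AS15562:AS-SNIJDERS" in the message.
# The label grammar and the case folding are assumptions, not from a spec.
CONE_NAME = re.compile(r"^AS([1-9][0-9]{0,9}|0):([A-Z][A-Z0-9_-]*)$")
MAX_ASN = 2**32 - 1  # largest 4-byte AS number


def namespace_asn(cone_name):
    """Return the ASN that owns the name's namespace, or None if unscoped or malformed."""
    m = CONE_NAME.match(cone_name.upper())
    if not m:
        return None
    asn = int(m.group(1))
    return asn if asn <= MAX_ASN else None


def signer_may_name(cone_name, cert_as_ranges):
    """True only if the namespace ASN lies inside the signer's certified AS resources.

    cert_as_ranges: inclusive (low, high) ASN ranges; a hypothetical
    representation of the AS resources on the signer's RPKI certificate.
    """
    asn = namespace_asn(cone_name)
    if asn is None:
        # A bare name such as "AS-STEALTH" names no owner, so nobody is
        # authorised for it by this rule.
        return False
    return any(low <= asn <= high for low, high in cert_as_ranges)


if __name__ == "__main__":
    # Constructed sample data: AS resources of two hypothetical CA holders.
    holder_a = [(15562, 15562)]
    holder_b = [(64496, 64511)]
    cases = [
        ("AS15562:AS-SNIJDERS", holder_a),  # holder signs inside its own namespace
        ("AS15562:AS-SNIJDERS", holder_b),  # another holder claims the same name
        ("AS-STEALTH", holder_a),           # unscoped name, as in the IRR example
    ]
    for name, resources in cases:
        verdict = "accept" if signer_may_name(name, resources) else "reject"
        print(f"{name:22} signer={resources} -> {verdict}")
```
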