On Wed, May 23, 2018 at 4:26 PM Job Snijders <[email protected]> wrote: > On Wed, May 23, 2018 at 04:22:06PM -0400, Christopher Morrow wrote: > > <lurk mode=off> > > > > On Wed, May 23, 2018 at 3:33 PM Job Snijders <[email protected]> wrote: > > > > > The signing AS is saying they created (and named) the list. This > > > helps resolve various issues, such as "does AS-STEALTH belong to > > > AS41847 or to AS8002"? > > > > wait, they signed this data and put it in their RPKI publication point > > (for instance - forget that there is no RPKI object type for this), so > > they 'claimed': > > as-set: AS-STEALTH > > > > from which IRR? Or did you mean that they may sign something like: > > as-set: AS-STEALTH@radb > > > > but did not sign: > > as-set: AS-STEALTH@RIPE > > > > Else we still have confusion, because the MAINT-AS8002 may be upset when > I > > only accept AS-SET content from STEALTH-NET-MNT :( > > > > -chris > > (who hopes to one day have better answers for this than: "err, ask the > > customer / peer which irr they use?" > > You are now describing issues of the IRR, I merely used this example to > illustrate the problem. With AS Cones we can do better. We can structure > the naming convention for this type of objects. > > ok, cool.
> For instance, for an AS Cone named "AS15562:AS-SNIJDERS" - we can > structure it in such a way that only the CA Holder of the cert related > to AS 15562 can sign "AS15562:AS-SNIJDERS". Earlier in the thread I used > the term 'namespace'. > > ok, my misunderstanding perhaps :) Oh, so: "like as-set, not as-set exactly". > Kind regards, > > Job >
_______________________________________________ GROW mailing list [email protected] https://www.ietf.org/mailman/listinfo/grow
