> On Oct 12, 2023, at 01:42, Willy Manga <[email protected]> wrote:
>
> .
>
>> On 12/10/2023 10:00, Owen DeLong wrote:
>> [...]
>>>> However, IF YY is paying attention, and YY wants to advertise
>>>> 2001:db8::/32 as well as allow 2001:db8:8000::/36 and 2001:db8:f000::/36,
>>>> I would expect AS YY would generate ROAs for
>>>> 2001:db8::/32 with ORIGIN-AS=YY MAXPREFIXLEN=36
>>>> 2001:db8:0::/33 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:8000::/36 with ORIGIN-AS=YY MAXPREFIXLEN=36
>>>> 2001:db8:9000::/35 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:a000::/34 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:c000::/34 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:e000::/36 with ORIGIN-AS=0 (no MAXPREFIXLEN needed)
>>>> 2001:db8:f000::/36 with ORIGIN-AS=YY MAXPREFIXLEN=36
>>>
>>> As Dale suggested in another email[1], it's better to just cover ROAs for
>>> what you are advertising. Why?
>> If that works, perhaps… OTOH, I’m not sure it does. I’m not sure the /32
>> MAXLEN 32 wouldn’t prevent effectiveness of the /36 ROAs.
>>>
>>> 1. I can't confirm at this stage that all the implementation allows you to
>>> leave the maxLength field empty.
>> I can… It’s an Optional Field in the specification.
>
> For the _specification_ yes. But by "Implementation" I'm referring to
> whatever either the RIR (those using hosted mode) or your own RPKI
> Certificate Authority (those using the delegated mode) will allow.
I don’t consider non-compliant implementations as something that needs to or
even should be accommodated.
Owen
