>>> The consumer of geofeed data SHOULD fetch and process the data >>> themselves. Importing datasets produced and/or processed by a third- >>> party places significant trust in the third-party. >> >> this is in sec cons already. you want it moved up or duplicated? i >> kinda like it where it is, but am flexible. > > I was not suggesting a new placement, just the edit to the last line.
sorry. sure. > I propose adding that to the bottom of the paragraph that starts: > > If and only if the geofeed file is not signed per Section 5, ... > > By doing that, it does not conflict with the requirement in Section 5 > that the address range of the signing certificate cover all prefixes > in the signed geofeed file. When reading data from an unsigned geofeed file, one MUST ignore data outside the referring inetnum: object's address range. This is to avoid importing data about ranges not under the control of the operator. Note that signed files MUST only contain prefixes within the referring inetnum:'s range as mandated in Section 5. randy _______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg