Randy: >>>> The consumer of geofeed data SHOULD fetch and process the data >>>> themselves. Importing datasets produced and/or processed by a third- >>>> party places significant trust in the third-party. >>> >>> this is in sec cons already. you want it moved up or duplicated? i >>> kinda like it where it is, but am flexible. >> >> I was not suggesting a new placement, just the edit to the last line. > > sorry. sure. > >> I propose adding that to the bottom of the paragraph that starts: >> >> If and only if the geofeed file is not signed per Section 5, ... >> >> By doing that, it does not conflict with the requirement in Section 5 >> that the address range of the signing certificate cover all prefixes >> in the signed geofeed file. > > When reading data from an unsigned geofeed file, one MUST ignore data > outside the referring inetnum: object's address range. This is to > avoid importing data about ranges not under the control of the > operator. Note that signed files MUST only contain prefixes within > the referring inetnum:'s range as mandated in Section 5.
Fine with me. Russ _______________________________________________ OPSAWG mailing list [email protected] https://www.ietf.org/mailman/listinfo/opsawg
