Hi David, > Both the AS number and the prefix(es) are resources issued by an RIR. Are you > saying both the AS number and the prefix(es) for ROA must be issued by RIPE > to be accepted? I think that would be overly restrictive.
> I could see maybe only accepting ROAs authorizing address resources that RIPE > has issued. That was exactly what I had in mind as well.. as per ROA’s, filter to accept only what was allocated / assigned by the RIPE NCC. The AS nr could be from any rir. Regards, Erik Verstuurd vanaf mijn iPhone Op 29 sep. 2022 om 21:52 heeft David Farmer <[email protected]> het volgende geschreven: On Thu, Sep 29, 2022 at 2:11 PM Erik Bais <[email protected]<mailto:[email protected]>> wrote: Hi Randy, > so, you would exclude CAs which have resources from multiple RIRs? I didn’t say that.. the question from the NCC is .. do we want to run an non restictive publication point and support whatever someone uploads to it .. or do we need to restrict it to ripe region resources.. if you want to publish self signed resources from multiple rir regions.. you are able to do so by setting up an instance per region.. or use software that can manage that by publishing the resources back to where the delegation came from.. We worked for years with irrdb’s like radb that would accept everything from everywhere .. I hoped we learned something from that mess at the design table .. So again, not excluding anyone .. just push the stuff where it belongs … Erik Bais A ROA or Route Origin Authorization is an attestation of a BGP route announcement. It attests that the origin AS number is authorized to announce the prefix(es). Both the AS number and the prefix(es) are resources issued by an RIR. Are you saying both the AS number and the prefix(es) for ROA must be issued by RIPE to be accepted? I think that would be overly restrictive. I could see maybe only accepting ROAs authorizing address resources that RIPE has issued. Or am I missing something? I'm admittedly an amateur when it comes to RPKI. Thanks -- =============================================== David Farmer Email:[email protected]<mailto:email%[email protected]> Networking & Telecommunication Services Office of Information Technology University of Minnesota 2218 University Ave SE Phone: 612-626-0815 Minneapolis, MN 55414-3029 Cell: 612-812-9952 ===============================================
-- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/routing-wg
