>>Suppose there were a small handful of commonly used trust anchors
>>Would you then say that a list of signatures made sense?
>
>well, if the list is "commonly used" then you could pick any one, right :-)?

I meant suppose there were a set of TAs that covered the TAs that were commonly used. Not that common use was to use the entire set.

>I still think this is the wrong model. The original rationale for
>multiple signatures for a ROA was NOT to accommodate multiple TAs,
>but rather to accommodate a ROA that contained prefixes acquired from
>multiple sources, and thus no EE cert could be created that merged
>these prefixes (due to RFC 3779 constraints).

That is a different answer than was given in the meeting, but it is an answer I had half expected.

The question then becomes whether we have to relate each signature to the prefixes it covers, or whether we are OK with a validation rule that as long as the stated prefixes are completely covered by the union of the prefixes associated with the signatures, the ROA is valid.

--Sandy

_______________________________________________
Sidr mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/sidr
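
[Added example, not part of the original message or of any SIDR specification: a Python sketch of the two candidate validation rules raised above, per-signature coverage versus coverage by the union of the signers' RFC 3779 prefixes. The signer names, the function names and the sample prefixes are constructed for illustration, and maxLength and AS number resources are ignored.]

```python
import ipaddress

def residue(prefix, held):
    """Return the parts of `prefix` not covered by any network in `held`."""
    net = ipaddress.ip_network(prefix)
    remaining = [net]
    for h in map(ipaddress.ip_network, held):
        if h.version != net.version:
            continue
        nxt = []
        for r in remaining:
            if r.subnet_of(h):
                continue                          # r is fully covered by h
            if h.subnet_of(r):
                nxt.extend(r.address_exclude(h))  # h covers only part of r
            else:
                nxt.append(r)                     # disjoint, r is untouched
        remaining = nxt
    return remaining

def per_signature(roa_prefixes, signers):
    """Rule 1: map each ROA prefix to one signer that covers it alone, else None."""
    return {p: next((name for name, held in signers.items()
                     if not residue(p, held)), None)
            for p in roa_prefixes}

def union_uncovered(roa_prefixes, signers):
    """Rule 2: ROA prefixes NOT covered by the union of all signers' prefixes."""
    pool = [h for held in signers.values() for h in held]
    return [p for p in roa_prefixes if residue(p, pool)]

# Constructed sample: two hypothetical EE certs whose prefixes come from
# different sources, and a ROA that lists prefixes drawn from both.
SIGNERS = {
    "EE-A": ["192.0.2.0/24", "2001:db8::/33"],
    "EE-B": ["198.51.100.0/24", "2001:db8:8000::/33"],
}
ROA_PREFIXES = ["192.0.2.0/25", "198.51.100.0/24",
                "2001:db8::/32", "203.0.113.0/24"]

if __name__ == "__main__":
    print(per_signature(ROA_PREFIXES, SIGNERS))
    print(union_uncovered(ROA_PREFIXES, SIGNERS))
```

The two rules disagree on 2001:db8::/32: no single signer covers it, but the two /33 halves together do, so only the union rule accepts it. 203.0.113.0/24 fails under both.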
