In section 3 "ROA Validation": > 4. Verify that the EE certificate has an IP Address Delegation > extension [RFC3779] and that the IP address prefix(es) in that > extension exactly matches the IP address prefix(es) in the ROA.
I assume this does not require that the encoding match. If it did, it would conflict with RFC3779 which requires the minimal encoding. eg, A ROA could have two prefixes, say 11.0.0.0/8 and 12.0.0.0/8, encoded as two IPAddress fields, whereas RFC3779 would dictate that they would be encoded as a range 11.0.0.0-12.255.255.255. Rob -- Robert Loomans Email: [EMAIL PROTECTED] Senior Programmer/Analyst, APNIC Phone: +61 7 3858 3100 http://www.apnic.net Fax: +61 7 3858 3199
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Sidr mailing list [email protected] https://www1.ietf.org/mailman/listinfo/sidr
