In reading draft-ietf-sidr-cp-03, and S 2.3 specifically, I have a couple questions:

"A new ROA will be published before a predecessor ROA has expired, or within 24 hours after an address space holder has changed the set of ASes that is authorized to advertise the address blocks it holds."

What do folks believe would be normal behavior in a system if the CA and a new ROA were not available for some extended period of time? For example, some natural disaster occurred? I know an individual RP could "opt out", but that's not realistic for Internet-wide deployment.

Second, if a new ROA is required and that information is employed directly by the routing system and validated by a protocol such as SBGP, would this model require that each routing entry for which a ROA exists be readvertised every ~24 hours? I understand how an offline system could suppress certificate updates, but not if this information is directly employed by the routing system itself.

Thanks!

-danny
