At 6:49 AM +1000 7/15/08, Geoff Huston wrote:
Hi,
In reading draft-ietf-sidr-roa-format-03.txt with the changes to the
ROA format arising from the last WG meeting, I was wondering if
there was a "canonical form" for a ROA, or not.
e.g. If I have a ROA that includes
10.0.0.0/8, maxlength=32
and
10.0.0.0/24 maxlength=32
then obviously the second entry is redundant.
Also there are more "compressed" formats and less "compressed" formats
e.g.
10.0.0.0/8 maxlength=8
10.0.0.0/9 maxlength=9
could be "compressed" to
10.0.0.0/8 maxlength=9
My question is: is it of any value to define a "canonical" format for a ROA?
Is there an obvious answer to this question that I am missing?
Would you like to lead a WG discussion of this question at the SIDR
WG meeting, as an agenda item?
regards,
Geoff
A canonical format is required for any signed object. ASN.1 will
yield a canonical rep for the ipAddressBlocks SEQUENCE, but that is
different from the higher level canonical rep you're asking about.
There the advantage to having such a rep is to better enable
comparisons between the values in the ROAs and the associated EE
certs. There is also the matter of being able to match BGP UPDATE
prefixes against these values.
Prior to adding the max prefix length value, we had a canonical
representation algorithm, based on the one defined for RFC 3779
address extensions. The only issue is how that changes based on the
inclusion of the maxlength parameter. I think we can define a new
canonical representation by making an arbitrary decision about how to
represent a given value when the use of the explicit maxlength value
might introduce ambiguity. I'll leave the details for Matt to work
out when he returns from vacation ;-).
Steve
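
Added example, not part of the original messages and not a canonical form defined by the WG: a Python sketch that drops ROA entries covered by another entry and checks which announced prefixes a list of entries matches. It assumes an entry (prefix, maxlength) matches any prefix inside it whose length is at most maxlength; the function names are hypothetical.

```python
import ipaddress

def parse(entries):
    """Turn ("10.0.0.0/8", 32) pairs into (ip_network, maxlength) pairs."""
    out = []
    for prefix, maxlen in entries:
        net = ipaddress.ip_network(prefix)
        if not net.prefixlen <= maxlen <= net.max_prefixlen:
            raise ValueError(f"bad maxlength {maxlen} for {prefix}")
        out.append((net, maxlen))
    return out

def covers(a, b):
    """True if entry a matches every prefix that entry b matches (assumed semantics)."""
    (net_a, max_a), (net_b, max_b) = a, b
    return (net_a.version == net_b.version
            and net_b.subnet_of(net_a) and max_b <= max_a)

def drop_redundant(entries):
    """Remove duplicates and entries covered by another entry; sorted output."""
    parsed = sorted(set(parse(entries)),
                    key=lambda e: (e[0].version, int(e[0].network_address),
                                   e[0].prefixlen, e[1]))
    kept = [e for e in parsed
            if not any(covers(o, e) for o in parsed if o != e)]
    return [(str(net), maxlen) for net, maxlen in kept]

def authorizes(entries, announced):
    """True if some entry matches the announced prefix."""
    p = ipaddress.ip_network(announced)
    return any(n.version == p.version and p.subnet_of(n) and p.prefixlen <= m
               for n, m in parse(entries))

# Entry lists taken from the two examples in the thread.
REDUNDANT = [("10.0.0.0/8", 32), ("10.0.0.0/24", 32)]
SPLIT = [("10.0.0.0/8", 8), ("10.0.0.0/9", 9)]
MERGED = [("10.0.0.0/8", 9)]

if __name__ == "__main__":
    print(drop_redundant(REDUNDANT))   # the /24 entry is covered by the /8
    print(drop_redundant(SPLIT))       # neither entry covers the other
    # Under the assumed semantics the merged entry also matches the
    # sibling 10.128.0.0/9, which the split pair does not.
    for prefix in ("10.0.0.0/9", "10.128.0.0/9"):
        print(prefix, authorizes(SPLIT, prefix), authorizes(MERGED, prefix))
```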