Rob,

Geoff's question was about representing data in ROAs.

The ABNF you cite is for RPSL, right? This has become a complicated discussion because the max length parameter is taken from RPSL, but a ROA does not directly represent RPSL. Moreover, as I noted in my message to Geoff, one thing we do with a ROA is to check that the EE cert used to verify the signature on a ROA authorizes the assertion made by the ROA. So, we have to begin by comparing the ROA address prefixes against the RFC 3779 address ranges in the EE cert. That motivates the adoption of a canonical (at a high level) representation for these prefixes, augmented by the max length parameter.

So, we have to deal with two external data sources simultaneously: 3779 extensions in the EE cert and the RPSL-inspired max length parameter. Also, after we have validated a ROA, we will use it to generate RPSL, so we have to keep that in mind as well :-).

Steve
_______________________________________________
Sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
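
The comparison described in the message above (ROA prefixes, with their max length, checked against the RFC 3779 address resources of the EE cert) can be sketched as follows. This is an added example, not code from the thread or from any RPKI implementation. The function names, the textual form of the resources (prefix or "lo-hi" range strings rather than DER) and the sample addresses are assumptions made for illustration, and "inherit" is not handled.

```python
import ipaddress

def to_range(text):
    """Turn an RFC 3779 style entry ('prefix/len' or 'lo-hi') into (version, first, last)."""
    if "-" in text:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
        if lo.version != hi.version or lo > hi:
            raise ValueError("bad range: " + text)
        return lo.version, int(lo), int(hi)
    net = ipaddress.ip_network(text, strict=True)  # rejects prefixes with host bits set
    return net.version, int(net.network_address), int(net.broadcast_address)

def merge(resources):
    """Sort and merge overlapping or adjacent ranges, per address family."""
    merged = []
    for ver, lo, hi in sorted(to_range(r) for r in resources):
        if merged and merged[-1][0] == ver and lo <= merged[-1][2] + 1:
            merged[-1][2] = max(merged[-1][2], hi)
        else:
            merged.append([ver, lo, hi])
    return merged

def check_roa_entry(prefix, max_length, ee_resources):
    """Return (ok, reason) for one ROA prefix checked against the EE cert resources."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "prefix is not canonical"
    if max_length is None:            # absent max length means the prefix length itself
        max_length = net.prefixlen
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        return False, "maxLength out of range"
    # Every more-specific allowed by max length lies inside the prefix,
    # so containment of the prefix itself is the only range test needed.
    first, last = int(net.network_address), int(net.broadcast_address)
    for ver, lo, hi in merge(ee_resources):
        if ver == net.version and lo <= first and last <= hi:
            return True, "authorized"
    return False, "prefix outside EE cert resources"

# Constructed sample resources (documentation and private address space).
EE_RESOURCES = ["10.0.0.0/25", "10.0.0.128/25", "192.0.2.0-192.0.2.127", "2001:db8::/32"]

if __name__ == "__main__":
    for entry in [("10.0.0.0/24", 26), ("192.0.2.0/24", None), ("10.0.0.1/24", 24)]:
        print(entry, check_roa_entry(entry[0], entry[1], EE_RESOURCES))
```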