I look forward to reading your code, Geoff. The process of retrieving and checking an RPKI tree is already a fairly complex recursive tree walk with many fiddly checks that have to be done in the right order to avoid various attack scenarios. The last thing this traversal algorithm needs is a gratuitous requirement that at each ROA it finds it must be prepared to go haring off after an arbitrarily large number of new certificate chains in different parts of the tree on a pointless quest to solve a non-problem.
Do you have ANY evidence whatsoever for compelling real world cases? Don't talk theory. Show me a real case where this would matter.
