Geoff Huston wrote:
> WG Chair Hat Off
>
> On 08/10/2008, at 7:05 AM, Brian Dickson wrote:
>
>> (Sorry in advance - long post ahead. Please read, however, when you have
>> time, everyone. There's some valuable operator input here.)
>
> Brian when I read your post I was reading it with the following
> example in mind
>
> ROA1
> 10.0.0.0/16, maxlength=18, 10.1.0.0/16, maxlength=18, EE Cert=10.0.0.0/15
>
> and
>
> ROA2
> 10.0.0.0/15 minlength=16, maxlength=18, EE Cert=10.0.0.0/15
>
> Now as far as I can tell these are equivalent ROAs, yes?

Yeeeeeees. However, my reading of the drafts suggests that the EE Cert needs to exactly match the ROA. Is that the case for ROA1?

> Now what, in your examples could be expressed using ROA1 that could
> not be expressed using ROA2, and vice versa? The reason why I ask the
> question was that in my reading of your post I saw nothing that helped
> me distinguish between these cases.

For the small example above, there is no difference. But that example is, in some respects, a "straw man"...

The problem is when you get into things like:

10.0.0.0/16, minlength=24, maxlength=24
or
10.0.0.0/12, minlength=21, maxlength=29
or
2001:foo::/48 minlength=56, maxlength=126

(Enumeration in binary systems doesn't scale well.)

I can think of environments where this kind of thing might be desired, if not outright required. MPLS BGP VPNs, or virtual machine environments (EC2), among others.

Even if we're not necessarily designing this for use in anything other than the DFZ Internet, I don't see strong disincentive to designing flexibility into the system, to support other uses.

Brian
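
The following Python sketch is an added example, not part of the original thread: it models a ROA entry as a (prefix, minlength, maxlength) tuple in the notation used in the messages above, checks the ROA1/ROA2 equivalence, and counts how many maxlength-only entries each ranged expression expands to. Assumptions: an entry written without minlength has a minimum equal to its own prefix length, 2001:db8::/48 is a constructed stand-in for the elided 2001:foo::/48, and all function names are hypothetical.

```python
import ipaddress

def authorizes(entry, route):
    """True if the announced route falls within (prefix, minlen, maxlen)."""
    prefix, minlen, maxlen = entry
    net, r = ipaddress.ip_network(prefix), ipaddress.ip_network(route)
    return (r.version == net.version and minlen <= r.prefixlen <= maxlen
            and r.subnet_of(net))

def expand(entry):
    """Rewrite a ranged entry as maxlength-only entries (assumption: without
    a minlength field, an entry's minimum is its own prefix length)."""
    prefix, minlen, maxlen = entry
    net = ipaddress.ip_network(prefix)
    return [(str(s), minlen, maxlen) for s in net.subnets(new_prefix=minlen)]

def same_routes(entries_a, entries_b, cover, lengths):
    """Compare two entry lists over every sub-prefix of cover at each length."""
    for length in lengths:
        for r in ipaddress.ip_network(cover).subnets(new_prefix=length):
            a = any(authorizes(e, str(r)) for e in entries_a)
            b = any(authorizes(e, str(r)) for e in entries_b)
            if a != b:
                return False
    return True

# Geoff's example: two maxlength-only entries versus one ranged entry.
ROA1 = [("10.0.0.0/16", 16, 18), ("10.1.0.0/16", 16, 18)]
ROA2 = [("10.0.0.0/15", 16, 18)]

# Brian's examples; 2001:db8::/48 is a constructed stand-in for 2001:foo::/48.
RANGED = [("10.0.0.0/16", 24, 24), ("10.0.0.0/12", 21, 29),
          ("2001:db8::/48", 56, 126)]

if __name__ == "__main__":
    print("ROA1 == ROA2:", same_routes(ROA1, ROA2, "10.0.0.0/15", range(15, 20)))
    for e in RANGED:
        print(e, "->", len(expand(e)), "maxlength-only entries")
```

The entry count grows as 2^(minlength - prefix length), so each extra bit between the covering prefix and the shortest permitted announcement doubles the list a relying party has to process.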
