WG Chair hat off
On 17/11/2008, at 5:23 AM, Andy Newton wrote:
Given that incremental deployment means the Internet will start out
with route objects covered by neither, policy will have to determine
what to do when a route object is not covered by a ROA (the bad
situation you mention above). BOAs do not get us out of this.
You may want to read through draft-ietf-sidr-roa-validation. The draft
has details of this - section 2 of the document goes through the case.
And who is to be in the business of publishing trusted BOAs for bogons?
Seems to me that it would be fraught with peril if they screw it up.
Only the certified holder of an address block can generate a BOA. So I
suppose the answer to your question would depend on your preferred
interpretation of what is a "bogon".
Clear as mud! But this just reinforces what I just said. There will be
route objects not covered by either a BOA or a ROA.
Of course - but the objective here is incremental capabilities that
increase the levels of assurance that are available to relying parties
to allow them to make reasonable decisions about what they can reject
and how they can apply relative preference to route objects.
Geoff