Two issues came up during the ROA Format presentation at IETF 73:

1) Should the ROA Format draft explicitly prohibit a ROA with overlapping prefixes? (E.g., a ROA that says AS #1 can originate routes to 10/8, 10.10/16 and 10.20/16.)

2) Should the ROA Format draft prohibit the use of the "Inherit" Flag in the RFC 3779 IP Address extension of the EE certificate corresponding to the ROA?

In both cases, implementors have claimed that the prohibition would improve implementation efficiency and/or ease of coding/testing. The trade-off is that in certain cases such prohibitions would require putting additional bits in the repository (i.e., in the first case, an ISP may sometimes need to issue an additional ROA; and in the second case, some ISPs may need to create larger EE certificates).

I don't have a strong opinion, although my inclination is towards writing both of these prohibitions into the document. In any case, I'd very much like to resolve these issues quickly (since I believe that the ROA Format draft is otherwise ready for last call).

- Matt Lepinski

_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
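
The overlap check behind issue 1, and the "additional ROA" cost it implies, as an added example that is not from the draft or from the message above. It assumes "overlapping" means one listed prefix covers another; the function names and the sample prefix list are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def _walk(prefixes):
    """Yield (net, ancestors): the listed prefixes that cover each net."""
    # Duplicates are merged; sorting puts a covering prefix before the
    # prefixes it covers, so a stack tracks the current chain of ancestors.
    nets = sorted({ipaddress.ip_network(p) for p in prefixes},
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    stack = []
    for net in nets:
        while stack and not (stack[-1].version == net.version
                             and net.subnet_of(stack[-1])):
            stack.pop()
        yield net, list(stack)
        stack.append(net)

def find_overlaps(prefixes):
    """Return (covering, covered) pairs; an empty list means no overlap."""
    return [(str(a), str(n)) for n, anc in _walk(prefixes) for a in anc]

def split_into_overlap_free_roas(prefixes):
    """Partition prefixes into the fewest lists with no internal overlap.

    CIDR prefixes either nest or are disjoint, so grouping by nesting
    depth gives one list per depth level, which is the minimum possible.
    """
    groups = defaultdict(list)
    for net, anc in _walk(prefixes):
        groups[len(anc)].append(str(net))
    return [groups[d] for d in sorted(groups)]

# Constructed sample: the prefixes from issue 1 plus an IPv6 pair.
SAMPLE = ["10.0.0.0/8", "10.10.0.0/16", "10.20.0.0/16",
          "2001:db8::/32", "2001:db8:1::/48"]

if __name__ == "__main__":
    for covering, covered in find_overlaps(SAMPLE):
        print(f"overlap: {covering} covers {covered}")
    for i, roa in enumerate(split_into_overlap_free_roas(SAMPLE), 1):
        print(f"ROA {i}: {roa}")
```

With the three IPv4 prefixes from issue 1, the split yields two lists, which is the extra ROA the message mentions.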
