On 18/11/2008, at 12:54 PM, Randy Bush wrote:
>> Yes, I agree that there are some potential issues in correct
>> interpretation if there are combinations of ROAs where there is
>> implicit negation associated with the ROA. This should be basic
>> 3 dimensional set work (prefix, AS, yes/no) and I think that the
>> result is always deterministic for any collection of ROAs, but that
>> does not make it always trivial to construct a desired origination
>> policy. But as ROAs are only a positive assertion then this is
>> probably a moot point.
>
> roas with magic as numbers vs boas is syntactic sugar. the semantic
> problem you mention applies to both.
>
> randy

I do not accept that ROA to AS0 and BOA is just syntactic sugar. They
are substantially different in their logic, and semantic intent.

A BOA is a positive assertion by the resource holder of the exact
behaviors in respect of their prefix and a purported origin AS that
they DO NOT wish to see expressed.

Of course they can be used to simply do a negation of things not seen
in the ROA, but they have far more expressive capability and can say
things, materially useful to achieve the range of origination policies
used by network operators at the present time.

We drew on the ROA *syntax* precisely to seek a syntactic similarity,
to ease coding. We chose CMS deliberately for consistency with other
signed object construction.

Please do not allow that syntactic similarity to the ROA to hide the
quite clear SEMANTIC DIFFERENCE which we hold in the BOA.

I still stand by the BOA draft. I think it adds useful tools into
routing security for operators.

-George