wg chair hat off
So, by your interpretation, yes. But that's me, and that's how I'd
configure my routers, and each operator can configure their routing
policy how they like in this regard.
So what I think you are saying here Danny is that:
- there should be no standard for the interpretation of ROAs and it's up
to each relying party to figure out what they want to do - i.e. you
are in effect advocating that the WG has erred in taking
on the roa-validation draft and that the WG should abandon the
roa-validation draft completely.
- you want to configure your environment such that you, as a relying
party, want to interpret a ROA as including the semantics of denial of
all other possible route objects, irrespective of the intended
semantics of the ROA publisher.
- you do not want to use a BOA in your environment, and you want to
stop anyone else from using a BOA in terms of a BOA as defined by an
IETF standards document in any case.
Obviously I disagree with this approach, in that if the semantics of
route attestations are in the eye of the beholder this entire effort
is a complete waste of everyone's time. If the intentions of the
creator of the object can be variably interpreted by relying parties
then what you don't have as a result is a secure system. I'm not sure
what you would call the outcome, but "secure" would not be a part of
it as far as I can figure out. I'm not sure where this line of
reasoning you are using here Danny is headed, and I really can't
understand how it fits into the overall architecture being developed
in SIDR.
Geoff