On 26/11/2008, at 4:53 PM, Randy Bush wrote:
ie, if you dislike these words, please instead of just knocking down,
can you help construct?
see wrestling with pigs. and this is my last go on this for today.
I find this comment offensive, and if the intention was to belittle
me, then it has certainly succeeded.
noting netmask, maxlen, which clearly removed the 'rigorous' -what
else
is wrong with the text?
it does not even say that if there is a roa specifying that A may
announce P, that, in the absence of a roa saying that B may also
announce P, an announcement of P by B should be rejected.
So, although previously you have said that you do not wish downstream
players to be brought into this process involuntarily, and you have
also stated that we should respect current ISP/Operator practice,
which includes holders of aggregate/covering blocks announcing that
block, but permitting specific prefixes to be multihomed and announced
as more specifics, you now say that in this emerging reality, if a ROA
exists for the superblock then a consequence is that *ALL*
announcements for more specifics *MUST* be covered by a ROA, even
during the partial deployment scenario.
IE you are now a 'maximalist' and believe that the act of a superior
delegate LIR/ISP issuing a ROA requires all downstream participants
with routing rights in that block, to become full-blown players in RPKI?
Can I just confirm that on-record Randy?
it should. the owner stated their intent. if they had intended B to
announce, they could and should have said so. they did not run out of
ink or lack the pen.
in fact, it strangely says the opposite,
"While the presence of a valid ROA that matches the advertisement is a
strong indication that an advertisement matches the authority provided
by the prefix holder to advertise the prefix into the routing system,
the absence of a ROA or the invalidity of a covering ROA does not
provide a conclusive indication that the advertisement has been
undertaken without the address holder's permission ..."
to me that is a whole lot of broken words merely in order to justify
boas.
Randy, the text *I* posted to you, came from the ---> R.O.A. <---
draft, which is authored by Steve Kent and others. It has *NO*
reference to BOA, none at all.
If you wish to critique the formalisms over a ROA, the canonical text
is in the ROA draft, and if you wish to discuss the ROA draft, and its
definitional language, then I think you should discuss the ROA draft.
Not the BOA draft, which of course, is a different draft. Nor this
draft you cite in fact.
What you quoted was the validation draft. This does not define the
ROA. It is a draft where we discuss validation of routing, as it says
in the title:
Validation of Route Origination in BGP using the Resource Certificate
PKI
-George
randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
