On Dec 2, 2008, at 7:24 PM, Stephen Kent wrote:
An AS 0 ROA is a positive assertion about the prefixes expressed in
it, as far as RP software is concerned. The "feature" of this
assertion is that, any unauthenticated assertions about the prefixes
should be rejected in favor of this verifiable ROA (assuming that
the ROA was signed by an entity that holds the prefixes in
question). In saying that I am making some assumptions about how ROs
use ROAs, and Danny has argued that we need to be more precise about
such assumptions.
I see the AS 0 ROA as a valuable tool to deal with unallocated and
reserved address space, during the very long period when relying
parties will see a mix of verifiable and unverifiable assertions
about route origination. I have not thought so much about the
utility of this capability in a fully deployed system. I also did
not consider assertions about AS numbers, a feature of BOAs.
Steve,
Sorry for the late reply on this subject, but I was rereading the
archives and it brought to my recollection a statement you made at the
microphone in Minneapolis regarding AS 0 ROAs. I didn't readily grasp
the meaning of what you said, so I'm seeking clarification.
As I recall, you stated that a registry wishing to use a BOA to cover
its space could just as well use AS 0 ROAs with a different practice.
Whenever that registry allocated space, it would have to reissue the
AS 0 ROAs so the newly allocated space is not covered. At least I
think that was the gist of what you described.
Is this correct, or can you explain again the scenario you mentioned?
-andy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
