On Mon, Jun 27, 2011 at 04:06:22PM +0200, Matthias Waehlisch wrote: | Hi, | | this question addresses the scenario, in which a BGP update contains | an AS_SET. According to draft-ietf-sidr-pfx-validate-01, the variable | origin_as would be defined as "NONE". In case of a valid certificate for | the prefix, the prefix validation function would return "INVALID". | | BGP updates including an AS_SET with a valid certificate would never | be valid. Correct? This seems a bit rough. Can you clarify the reason | behind? I would expect that if a valid record for at least one origin AS | within the AS_SET exists, the funcion will return "VALID".
depends ... - my understanding of the logic for extracting the "to-be-validated" AS is something alike: If aggregator is present and right-most AS segment type is AS-Set, then use aggregator AS for validating, else if if right-most AS segment type is AS-set -> result: not found else use right-most AS for validating _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
