Hi Andrew,
> > Therefore, the BBN validator does the only thing sensible, which is > validate based on filename and certificate chain. After that, we check > against the manifest and emit a warning if it doesn't look right. And > we provide the user with configuration flags to control the output of > validator: does he want output from the "perfect" ROAs only (with > perfect manifests all the way up the chain), or is some level of > grayness acceptable. > > Manifests are murky, especially when you misuse them. Filename > extensions are not. Maybe the repository should have been constructed in LDAP with a manifest object there to confirm the ldap search returned all the roa objects. I am, and still, remain uncomfortable about RPKI using filename extensions as the only mechanism to select the validation regime. It might be a flippant statement but even Microsoft office can tell a word document from an excel document without the extension. Perhaps Randy's terse statement about starting again with TLVs isn't actually bad advice given that getting stuff from a repository isn't actually a specific question/answer model. Cheers Terry _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
