At 10:09 PM -0500 11/21/11, Danny McPherson wrote:
...
 > I don't understand all of the words above.

Apologies for the loose terminology here..  Try this..

AS1 --- ISP1 (AS2) --- ISP2 (AS3) --- AS4

In the case of LTA if these four parties wish to transact their constraints files
(or shared "non-putative" RPKI TAs) must be familiar and synchronized with
each other via some out of band mechanism - i.e., they either have to:

1) synchronize LTA contents across the set
2) share a common non-putative TA that magically does this

and in doing so, they likely would want to constrain what a TA is allowed to
assert,  via a constraints file, as noted above?

That is, LTA for the local AS doesn't fix the multi-AS/multi-administrator/RP
issue, and so some synchronization or shared non-putative TA needs to be
developed if they desire autonomy outside of the putative set.
Is that correct?

The original model for an LTA was, as the name suggests, local, hence just one AS. However, it is easy to extend that model to encompass a set of ASes under the same admin control. In that case, the set of ASes all agree to accept the RPKI "view" managed by some entity in control (relative to the set of ASes).

In your example are all of the ASes independent? You say that they want to "transact their constraints file" but you didn't say why, nor what the relationships might be among the constraints file for each AS.

The LTA constraints, as currently defined, are expressed via a set of local processing flags, tags, and pointers (via SKIs) to extant certs (sections 3.2-3.4). All of these can be shared, but that doesn't say what each AS would do if the values of the flags or tags differ. Since I'm not sure what the trust model is here, I don't know if this is a problem. Also, if the blocks subsection has conflicting directions it's not clear what each AS should do. (A union of the constraints would work cleanly, but only if the affected subtrees are disjoint. Other attempts at forming a union of constraints could break, depending on the details.)

Modulo the issue of constraint conflicts, each AS can maintain its own LTA, and perform the re-parenting and "perforation" as directed by the blocks subsection of the constraints.

Does that answer your question?

Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
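
The disjointness condition on a union of constraints, mentioned in the reply above, can be checked mechanically. The following is an added example, not part of the original message or of the LTA draft: it assumes a simplified model in which each AS's constraints reduce to (target-cert SKI, IP prefix) pairs, ignores AS-number resources and the flags and tags, and conservatively treats any overlap between blocks from different ASes as a conflict. The SKIs and prefixes are constructed placeholders.

```python
import ipaddress
from itertools import combinations

# Constructed sample data for the four ASes in the example topology.
# Each entry is (SKI of the targeted cert, resource block); the SKIs are
# placeholders and the prefixes are documentation address space.
CONSTRAINTS = {
    "AS1": [("SKI-A", "192.0.2.0/24"), ("SKI-B", "2001:db8:1::/48")],
    "AS2": [("SKI-C", "198.51.100.0/24")],
    "AS3": [("SKI-D", "192.0.2.128/25")],  # falls inside AS1's 192.0.2.0/24
    "AS4": [("SKI-E", "203.0.113.0/24")],
}

def find_conflicts(constraints):
    """Return pairs of overlapping blocks contributed by different ASes."""
    flat = [
        (asn, ski, ipaddress.ip_network(prefix))
        for asn, blocks in constraints.items()
        for ski, prefix in blocks
    ]
    conflicts = []
    for (as_a, ski_a, net_a), (as_b, ski_b, net_b) in combinations(flat, 2):
        # Blocks within one AS's own file are that AS's business; IPv4 and
        # IPv6 blocks can never overlap.
        if as_a == as_b or net_a.version != net_b.version:
            continue
        if net_a.overlaps(net_b):
            conflicts.append((as_a, ski_a, str(net_a), as_b, ski_b, str(net_b)))
    return conflicts

def merge_if_disjoint(constraints):
    """Return the union of all blocks, or raise if any two ASes overlap."""
    conflicts = find_conflicts(constraints)
    if conflicts:
        raise ValueError(f"constraint sets are not disjoint: {conflicts}")
    return sorted(
        (ski, prefix) for blocks in constraints.values() for ski, prefix in blocks
    )

if __name__ == "__main__":
    for conflict in find_conflicts(CONSTRAINTS):
        print("conflict:", conflict)
```
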
