Tim, Another thought re where (not) to place the ss-cert to which a TAL points.
An RPKI repository pub point contains a CRL. That CRL contains serial numbers for certs that were published at this pub point, or that were embedded in objects at this pub point The ss-cert will never be on a CRL (this is true for TAs in general, and is explicitly mentioned in the TAL RFC). So, publishing this cert at a pub point is inconsistent with the general RPKI model as it is outside the scope of the CRL at that pub point.
Steve _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
