Hi,

On 10/08/2012, at 4:25 AM, Christopher Morrow wrote:

> an interesting outgrowth of the grandparenting could be the ability to
> 'avoid' LEA actions at middle tiers of the address allocation
> hierarchy... that's something to consider, I'd say.

I don't believe this is true. If C has taken some action, LEA triggered or otherwise, that means the RPKI system no longer asserts that G's intent for packet delivery is true, then merely allowing G to issue an RPKI assertion does not prevent C from asserting whatever they like, too. If a LEA requires C to issue an AS0 ROA 10.42.2.0/23, then creating an ASn ROA for the same prefix, same maxLength will not ensure packets are delivered correctly.

Perhaps the underlying operational problem where A is not quite sure yet of C's status could be better addressed by section 4.9.4 of the CPS - if A has been convinced that G is the current holder of the resources, A could register the change of holding, but include in their CPS that they may provide a grace period for revocation on a case by case basis.

(If A has not been convinced that G is the current holder of the resources, then delivering packets to G for those resources would not be a positive engineering outcome, it would be deliberately mis-directing packets, which the RPKI is intended to prevent!)

Byron, speaking only for myself
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
