speaking as regular ol' member

This is a discussion of grandparenting, NOT a discussion of adoption of the grandparenting draft.

There have been suggestions of several different actions a grandparent might do. Most of the comments so far focus on issuance of CA certificates to a grandchild. But there are other actions a grandparent might take.

For example. One action already mentioned would be issuing ROAs for the grandchild, by the grandparent. That doesn't disturb the consistency with the allocation system. We have long discussed that providers might issue ROAs for RPKI-unprepared children. The RPKI structure allows for multiple ROAs for the same prefix (for multihoming) and for multiple ROAs for more specifics inside the same space signed by the same entity (e.g. for TE advertisements).

For example. The grandparent could also host a CA service for the child. That's allowed and is currently practiced. Under that hosted CA service, the grandparent could issue a cert for the grandchild. The process controlling this would be a matter for the agreement about the hosting service.

For example. The grandparent could issue a CA cert for the grandchild and reclaim that address space from the child by issuing new CA certs for the child that omit the reclaimed space. (For: it keeps allocation and RPKI consistent. Against: it fractures allocations and can produce routing table bloat.) I think I saw this in one message on the thread. How, when, where, why, with what proof or limitations - all that is out-of-band process and can vary per situation.

For example. The grandparent could issue a ROA that it itself was allowed to originate the grandchild's address space, and forward traffic to the child with the expectation that the child will forward traffic to the grandchild. (This only works in cases where there is continued connectivity from child to grandchild.) There's no CA cert action there, so it doesn't disturb the consistency with the allocation system.

I presume there are lots of others.

Do we want to try to record the many possibilities? A complete list (ulp!)?
Reasons for and against certain critical ones?

--Sandy, speaking only as regular ol' member

_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
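
An added example, not part of the original message: RFC 6811 route origin validation run over ROA payloads for two of the options above (a grandparent-issued ROA for the grandchild, and a ROA letting the grandparent originate the space itself), showing that several ROAs for the same or more specific prefixes coexist. The prefixes, AS numbers and the `issuer` label are constructed, using documentation ranges.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload. 'issuer' is a label for the reader only;
    origin validation never looks at who signed the ROA."""
    prefix: str
    max_len: int
    asn: int
    issuer: str

def validate(route_prefix, origin_asn, vrps):
    """RFC 6811: 'valid' if any covering VRP matches origin and length,
    'invalid' if covered but nothing matches, otherwise 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for v in vrps:
        roa = ipaddress.ip_network(v.prefix)
        if route.version != roa.version or not route.subnet_of(roa):
            continue
        covered = True
        if v.asn != 0 and v.asn == origin_asn and route.prefixlen <= v.max_len:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed sample data: AS64496 = grandparent, AS64497 = child,
# AS64498 = grandchild. The child holds 203.0.113.0/24 and has
# sub-allocated 203.0.113.128/25 to the grandchild.
CHILD_ROA = VRP("203.0.113.0/24", 24, 64497, "child")
GP_FOR_GRANDCHILD = VRP("203.0.113.128/25", 25, 64498, "grandparent")
GP_SELF_ORIGIN = VRP("203.0.113.128/25", 25, 64496, "grandparent")
GRANDCHILD_ROUTE = "203.0.113.128/25"

def scenarios():
    both = [CHILD_ROA, GP_FOR_GRANDCHILD]
    everything = both + [GP_SELF_ORIGIN]
    return {
        # Only the child's ROA exists: the grandchild's route is covered
        # by the /24 but matches neither its origin AS nor its max length.
        "grandchild, child ROA only": validate(GRANDCHILD_ROUTE, 64498, [CHILD_ROA]),
        # Grandparent adds a ROA for the grandchild: route becomes valid.
        "grandchild, with grandparent ROA": validate(GRANDCHILD_ROUTE, 64498, both),
        # The child's own /24 announcement is unaffected by the extra ROA.
        "child /24": validate("203.0.113.0/24", 64497, both),
        # Grandparent originates the /25 itself under its own ROA.
        "grandparent originates /25": validate(GRANDCHILD_ROUTE, 64496, everything),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name}: {state}")
```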
