On Aug 14, 2012, at 10:47 AM, Murphy, Sandra wrote: > speaking as a regular ol' member: > > On Tuesday, August 14, 2012 10:07 AM, Andy Newton [[email protected]] said > >> I'm not speaking for anybody but me here, but I would think >> that the notion of RIRs issuing "operational" ROAs would be >> a BIG layer 9 issue. > > > Given all the caveats below. > > If you believe RIRs should not issue ROAs
For clarification, I personally don't have an opinion on this. It is just my observation that there have been concerns about the roles of RIRs in the RPKI, and this would seem to collide with such concerns. > , what would be your preferred method to deal with that: (a) relying party > policy - reject ROAs signed by x,y,z keys, (b) cert policy - some words in > the CP (c) operational - registries promise not to implement a feature in > their code that would allow this (d) contractual - the registry agreement > promises that they will not do this, (e) technical - some bits in the RPKI > objects, etc. A, B, C, and D are above my pay grade. E, such as a grandchild bit in a ROA or something, is interesting but I doubt would resolve layer 9 concerns. > > (Why did you speak of an "operational" ROA? What would a non-operational ROA > be?) > ROAs that represent real routes, not things like IANA space. If there is a better term, let me know. -andy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
