Brian,
Sorry, have to call B.S. on this one.
unsportsman-like comment, 15 yards and loss of a down.
Make-before-break is fully possible with exclusivity.
In the general case, the resources are transferred between two CAs, and
these CAs need not be
ISPs, e.g., they might be RIRs. So, before an ISP can issue ROAs for the
newly-received INRs,
the ISP has to have these INRs added to it's CA cert. If the parent of
that CA was not the parent
for the ISP that previously held the resources, then it too has to have
the INRs in question added
to its cert, and so on. Thus means that, in general, there will be more
that one CA, at corresponding
tiers of the RPKI, that will have the same INRs in their 3779
extensions. Equivalently, this means
that some CA will have issued certs to two of its children, where the
certs overlap (wrt the INrs
being transferred).
Exclusivity enforced at the CA level still allows for multiple ROAs
(and thus multiple announcing AS).
Since this is not just a ROA question, I am ignoring the parts of your
message that focus on ROAs, or on
BGP details that seem to be the result of this (confused) focus.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
