>>In these use cases, what breaks if we allow two ROAs to co-exist in the >> system (one authorizing the customer AS and one authorizing the proxy AS > >the system already permits multiple ROA's for the same prefix, right?
Yes (e.g. multihoming) and hence the question of why we can't use that framework. >>to originate the prefix) _much before_ the attack (or storm) takes place? >> After all, this is a valid business relationship. Choose your pill >>wisely. > >the concern, for the dos-mitigation and really for the flashcrowds as >well (same thing in the end, "Oops, server go boom, move service to >more-servers-r-us!"), is the lack of prior relationship and thus lack >of existence of a new ROA. > >-chris >(course, I could have missed your question entirely) No, thanks for clarifying. For DDoS mitigation at least, I thought there would be a prior business relationship. I am not familiar with on-the-fly relationship building process. - Pradosh _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
