>Excuse me. I misunderstood. In either case, the prefix originates out of AS2 
>so the existing ROA would be valid and you would just have to worry about tie 
>breaking factors anywhere that the AS path length was 2.

That is right about case (#2) -- the case that we are more interested in.
But in my more mundane case (#1), it is an existing (long term) business 
relationship between the two parties.
So a 2nd ROA can be created proactively for the Proxy AS (AS1).

>
> I agree with your comment about a conversation at Nanog in February, sounds 
> like a great idea.

Sure, thanks. I'll look forward to it.

> Sure, but isn't Eric's point that there is no ROA in this case (#2) and if 
> propagation times are too large (days or weeks) then it doesn't really help 
> with the DDoS mitigation?

As you have acknowledged already, the RPKI propagation delays do not come into
the picture for the proposal we are examining.

Just as an aside, you may take a look at my estimates/comments also about the 
RPKI delays:
http://www.nist.gov/itl/antd/upload/rpki-rsync-delay-technote.pdf

Sriram 
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
