> > That is good. But what I meant was (in your I-D under discussion) does > the alternate validation algorithm for a ROA need slightly different wording > (as compared to that for certificates)?
I think not. RFC6482 did not define how the EE certificate is to be validated. It simply states that the IP addresses listed in the ROA must also be found in the resource extensions of the signing EE cert. This still holds. i.e. no change is required there. regards, Geoff _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
