> But regardless of process. For this to be useful for route objects we > need two signatures in cases where the AS and prefix are held by > different parties.
then we have misplaced this whole discussion. it is really about using rpki keys to sign rpsl data willy-nilly, as opposed to using the rpki infrastructure. the rpki-based origin validation and bgpsec models specifically do not authenticate the authority of an AS. the AS does that by announcing. i happen to be in the building having post lunch coffee. wanna chat face to face? bring clue bat. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
