> Yes, there should be something about private ASNs in the protocol spec. > > It would be nice to also see some operational guidance in this document. > > Alvaro. > > otoh, private AS numbers are used in non-confed topologies, e.g. the bgp > stub customer who uses a private AS. they should not sign of course. > but once i receive their announcement and strip the private AS, > can/should i sign? i just looked at bgpsec-protocol and found no > guidance.
first the protocol spec needs to make clear if the real AS can proxy sign for a connected private AS. then i can hack the ops doc. seems to me that, as the real AS is required to strip the private AS from the path, the real AS should be able to proxy sign. but then who has the cert to create the roa, etc.? randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
