Yes, I agree. I just sent a message to the authors of the protocol spec (cc’d the WG) along the same lines.
On 12/9/16, 7:57 PM, "Randy Bush" <[email protected]<mailto:[email protected]>> wrote: first the protocol spec needs to make clear if the real AS can proxy sign for a connected private AS. then i can hack the ops doc. seems to me that, as the real AS is required to strip the private AS from the path, the real AS should be able to proxy sign. but then who has the cert to create the roa, etc.?
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
