>> otoh, private AS numbers are used in non-confed topologies, e.g. the bgp
>> stub customer who uses a private AS. they should not sign of course.
>> but once i receive their announcement and strip the private AS,
>> can/should i sign? i just looked at bgpsec-protocol and found no
>> guidance.
>
> from that vantage point you are the origin. it's not clear to me that
> a customer relationship is substantively then if you do this internal
^ did you drop "different?"
> to your org. operationally the'yre probably also registering route
> objects, issuing LOAS and operating on behalf of the private ASN.
almost. while they _may_ be registering route objects, it is unlikely
they are signing contracts on behalf of the customer. different transit
providers provision customers using private ASs in different ways (doh).
but i think essentially we are in agreement. as far as bgpsec and
roa-based origin validation go, it would probably be good to specify how
the transit operator proxies for the private AS customer.
but this is the ietf. i have faith that someone can come up with a
corner case where this should not be done. :)
randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
