> On 27 Jun 2017, at 06:19, Declan Ma <m...@zdns.cn> wrote: > >> 2) Regarding keys, “only in combination with an asserted ASN for that key,” >> not on the key alone > > > I think it’s reasonable to make it obliged to do filtering on the SKI in > combination with an asserted ASN. > > We authors will be figuring out how to get this done after WGLC.
Or.. should we only allow filtering on asserted ASN? Is there a good use case for saying: “I know *this* key is bad for *this* ASN, but I am willing to accept assertions by this same ASN for other keys?” I kind of suspect that if you don’t trust one of the assertions made by the ASN (for whatever reason), you probably don’t want to trust any of their assertions. Tim _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
