> On 27 Jun 2017, at 13:15, Declan Ma <[email protected]> wrote: > > >> 在 2017年6月27日,19:04,Tim Bruijnzeels <[email protected]> 写道: >> >> >>> On 27 Jun 2017, at 06:19, Declan Ma <[email protected]> wrote: >>> >>>> 2) Regarding keys, “only in combination with an asserted ASN for that >>>> key,” not on the key alone >>> >>> >>> I think it’s reasonable to make it obliged to do filtering on the SKI in >>> combination with an asserted ASN. >>> >>> We authors will be figuring out how to get this done after WGLC. >> >> Or.. should we only allow filtering on asserted ASN? Is there a good use >> case for saying: “I know *this* key is bad for *this* ASN, but I am willing >> to accept assertions by this same ASN for other keys?” > > There is a use case. > > An ASN holder authorized more than one routers to do BGP announcements. Yet > the peering ISP just wants to ignore one of the routers, with other > authorized routers remaining unaffected. > > >> >> I kind of suspect that if you don’t trust one of the assertions made by the >> ASN (for whatever reason), you probably don’t want to trust any of their >> assertions. > > It has nothing to do with the trust on ASN. I believe we should keep this as > a chance for local control. > > Di
Thanks for explaining, makes sense to me :) Tim _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
