The following errata report has been submitted for RFC6482, "A Profile for Route Origin Authorizations (ROAs)".
-------------------------------------- You may review the report below and at: https://www.rfc-editor.org/errata/eid7079 -------------------------------------- Type: Technical Reported by: Job Snijders <[email protected]> Section: 4 Original Text ------------- Before a relying party can use a ROA to validate a routing announcement, the relying party MUST first validate the ROA. To validate a ROA, the relying party MUST perform all the validation checks specified in [RFC6488] as well as the following additional ROA-specific validation step. o The IP address delegation extension [RFC3779] is present in the end-entity (EE) certificate (contained within the ROA), and each IP address prefix(es) in the ROA is contained within the set of IP addresses specified by the EE certificate's IP address delegation extension. Corrected Text -------------- Before a relying party can use a ROA to validate a routing announcement, the relying party MUST first validate the ROA. To validate a ROA, the relying party MUST perform all the validation checks specified in [RFC6488] as well as the following additional ROA-specific validation step. o The IP address delegation extension [RFC3779] is present in the end-entity (EE) certificate (contained within the ROA), and each IP address prefix(es) in the ROA is contained within the set of IP addresses specified by the EE certificate's IP address delegation extension. o The AS Resources extension is not used in Route Origin Authorizations and MUST be omitted. Notes ----- The ROA RFC is a bit under-specified compared to other RPKI Signed Object profile definitions. (For example, RFC 8209 ยง 3.1.3.4 is less ambiguous on the matter of RFC3779 extensions.) Instructions: ------------- This erratum is currently posted as "Reported". If necessary, please use "Reply All" to discuss whether it should be verified or rejected. When a decision is reached, the verifying party can log in to change the status and edit the report, if necessary. -------------------------------------- RFC6482 (draft-ietf-sidr-roa-format-12) -------------------------------------- Title : A Profile for Route Origin Authorizations (ROAs) Publication Date : February 2012 Author(s) : M. Lepinski, S. Kent, D. Kong Category : PROPOSED STANDARD Source : Secure Inter-Domain Routing Area : Routing Stream : IETF Verifying Party : IESG _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
