> Original Text > ------------- > Before a relying party can use a ROA to validate a routing > announcement, the relying party MUST first validate the ROA. To > validate a ROA, the relying party MUST perform all the validation > checks specified in [RFC6488] as well as the following additional > ROA-specific validation step. > > o The IP address delegation extension [RFC3779] is present in the > end-entity (EE) certificate (contained within the ROA), and each > IP address prefix(es) in the ROA is contained within the set of IP > addresses specified by the EE certificate's IP address delegation > extension. > > Corrected Text > -------------- > Before a relying party can use a ROA to validate a routing > announcement, the relying party MUST first validate the ROA. To > validate a ROA, the relying party MUST perform all the validation > checks specified in [RFC6488] as well as the following additional > ROA-specific validation step. > > o The IP address delegation extension [RFC3779] is present in the > end-entity (EE) certificate (contained within the ROA), and each > IP address prefix(es) in the ROA is contained within the set of IP > addresses specified by the EE certificate's IP address delegation > extension. > o The AS Resources extension is not used in Route Origin Authorizations > and MUST be omitted.
while i agree with the sentiment, to this amateur, this smells more like a bit more of a change than an erratum. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
