The following errata report has been rejected for RFC6482,
"A Profile for Route Origin Authorizations (ROAs)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7079

--------------------------------------
Status: Rejected
Type: Technical

Reported by: Job Snijders <[email protected]>
Date Reported: 2022-08-10
Rejected by: John Scudder (IESG)

Section: 4

Original Text
-------------
   Before a relying party can use a ROA to validate a routing
   announcement, the relying party MUST first validate the ROA.  To
   validate a ROA, the relying party MUST perform all the validation
   checks specified in [RFC6488] as well as the following additional
   ROA-specific validation step.

   o  The IP address delegation extension [RFC3779] is present in the
      end-entity (EE) certificate (contained within the ROA), and each
      IP address prefix(es) in the ROA is contained within the set of IP
      addresses specified by the EE certificate's IP address delegation
      extension.

Corrected Text
--------------
   Before a relying party can use a ROA to validate a routing
   announcement, the relying party MUST first validate the ROA.  To
   validate a ROA, the relying party MUST perform all the validation
   checks specified in [RFC6488] as well as the following additional
   ROA-specific validation step.

   o  The IP address delegation extension [RFC3779] is present in the
      end-entity (EE) certificate (contained within the ROA), and each
      IP address prefix(es) in the ROA is contained within the set of IP
      addresses specified by the EE certificate's IP address delegation
      extension.
   o  The AS Resources extension is not used in Route Origin Authorizations
      and MUST be omitted.

Notes
-----
The ROA RFC is a bit under-specified compared to other RPKI Signed Object
profile definitions. (For example, RFC 8209 § 3.1.3.4 is less ambiguous on the
matter of RFC3779 extensions.)

--VERIFIER NOTES--
This is a material (albeit small) change to the spec and doesn't appear to 
reflect the WG consensus at time of publication. Therefore rejecting, see 
https://mailarchive.ietf.org/arch/msg/sidr/A_2jMTLbpgpK1H0G3QsVJ44T-kE/ as well.

--------------------------------------
RFC6482 (draft-ietf-sidr-roa-format-12)
--------------------------------------
Title               : A Profile for Route Origin Authorizations (ROAs)
Publication Date    : February 2012
Author(s)           : M. Lepinski, S. Kent, D. Kong
Category            : PROPOSED STANDARD
Source              : Secure Inter-Domain Routing
Area                : Routing
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
