I see a distinction between missing data and invalid objects. Missing data, because the MNF file does not type the missing object, nor specify the prefix and ASN it certifies, is an "unknown unknowns" problem: you can't tell if the intent of the missing data would permit or deny *ANY* other data you have, at that point in the repository data tree, and all descendant children. The object could (in principle) radically alter your forwarding intent. It's not safe to proceed. Because the definition of "missing" is that a valid Manifest said it should be seen, you have a cryptographically strong statement "something you don't understand" can't be seen. Not safe to proceed.

Incorrectly signed data is different. You have reason to believe you may know contextually what it is. If the ASN.1 can shape more information, it's not inherently clear that you have to reject all other things. It may be mal-signed. It may be mal-formed. It may not be readable, in which case, you probably do have to go to "missing". But, if you know what it says but just don't believe it, why would you reject un-associated information, beyond general distrust of the publication point?

There is an argument implicitly in the above, that for MNF, not having it catalog the prefix and origin-as it's talking about, may (in hindsight) have been a mistake.

cheers

-G
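The distinction drawn in the message above, written out as a decision procedure. This is an added example, not code from the post or from any RPKI validator; it encodes the policy the poster argues for, and `Verdict`, `toy_check` and `evaluate_publication_point` are hypothetical names operating on constructed sample data.

```python
from enum import Enum

class Verdict(Enum):
    OK = "ok"
    NOT_BELIEVED = "not-believed"  # content is readable, but validation failed
    UNREADABLE = "unreadable"      # cannot be parsed, so intent is unknown

def toy_check(name, data):
    """Hypothetical stand-in for real object validation (constructed format)."""
    if data.startswith(b"OK:"):
        return Verdict.OK
    if data.startswith(b"BADSIG:"):
        return Verdict.NOT_BELIEVED
    return Verdict.UNREADABLE

def evaluate_publication_point(manifest_files, fetched, check=toy_check):
    """Return (proceed, accepted, reasons) for one publication point.

    manifest_files: names listed on an already-validated manifest
    fetched:        dict of name -> bytes actually retrieved
    """
    proceed, accepted, reasons = True, [], []
    for name in sorted(manifest_files):
        if name not in fetched:
            # Listed but absent: its intent is unknown, so stop here
            # (and, per the message, for all descendants too).
            reasons.append((name, "missing"))
            proceed = False
            continue
        verdict = check(name, fetched[name])
        if verdict is Verdict.OK:
            accepted.append(name)
        elif verdict is Verdict.UNREADABLE:
            # Unreadable content is as opaque as a missing object.
            reasons.append((name, "unreadable"))
            proceed = False
        else:
            # Known content that is simply not believed: drop only this object.
            reasons.append((name, "not-believed"))
    return proceed, (accepted if proceed else []), reasons

# Constructed sample data, not real RPKI objects.
MANIFEST = {"a.roa", "b.roa", "c.roa"}
BAD_SIG = {"a.roa": b"OK:1", "b.roa": b"BADSIG:2", "c.roa": b"OK:3"}
ONE_MISSING = {"a.roa": b"OK:1", "b.roa": b"OK:2"}

if __name__ == "__main__":
    print(evaluate_publication_point(MANIFEST, BAD_SIG))
    print(evaluate_publication_point(MANIFEST, ONE_MISSING))
```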
