*wg chair hat off* Tim,
I did not say that ARIN would or would not generate such a situation within its own issuance policies, nor did I mention any other RIR. It may well be the case that RIR certificate issuance practices would attempt to avoid such a situation, but I don't believe that this adequately addresses the issue here about the scope of the standard specification.
I took a more general view in my posting of the 10th when I noted that it was possible for
"issuers [to] have local policies relating to certificate issuance that create differing validation paths of more specifics of an intended aggregate address advertisement"
I noted, however that this was a possibility, and also noted in my posting of the 8th that:
"The question I ask myself is should a standard specification provide guidance to implementors and users of the tool that covers all envisaged situations or should it only cover the cases that are most likely to occur and leave the remainder unspecified?
My preference is the former approach, namely that a standard should be useful for interoperation in all envisaged use cases. Given the lack of workable alternatives here I remain of the view that the ROA specification should include this case, with the implication that a 'standard' ROA within this specification may contain multiple signatures. "
regards, Geoff _______________________________________________ Sidr mailing list [email protected] https://www1.ietf.org/mailman/listinfo/sidr
