On Wed, Feb 23, 2011 at 9:01 PM, Geoff Huston <g...@apnic.net> wrote:
> Andrew,
>
> I hope I was neutral in neither agreeing nor disagreeing as to its utility in
> my comment.
>
> I was simply checking your assertion that "it would be useful to have a
> relationship object" and gently trying to understand your reasoning behind
> holding that view.
>

For my money, I see this as data that will quickly rot, with very little ability to really know if it's valid or not from an external perspective. Providing ROA data for netblocks, and attaching that to the notion of a tree of certificate data down from RIR -> NIR -> LIR -> EndUser should be 'simple'; at least the mechanisms to keep this updated and validated exist, I think. I don't think we want to introduce more data that will rot (IRR style).

Back to path validation though, what should we target as important items to 'secure' (validate I think is the term I'd use), currently the reqs talk about:

  o AS_PATH
  o prefix/length

Should, and why?, the relationship between ASNs be validated/used as well? I think the thought had been that the RPKI data + IRR data would lead to better/easier prefix-list-style protections, so the relationship didn't need to be validated beyond the immediate 2 ASNs.

-Chris

>
> On 24/02/2011, at 9:12 AM, Andrew Lange wrote:
>
>> Geoff,
>>
>> Do you disagree as to its utility?
>>
>> Andrew
>>
>> On Feb 23, 2011, at 4:16 PM, Geoff Huston wrote:
>>
>>>
>>> On 24/02/2011, at 8:09 AM, Robert Loomans wrote:
>>>
>>>>
>>>> On 24/02/2011, at 09:17, Andrew Lange wrote:
>>>>
>>>>> From a work item perspective, it would be useful to have a relationship
>>>>> object signed that says "I'm AS_A, and I have AS_B and AS_Q as legitimate
>>>>> connections."
>>>>
>>>> Geoff published a (now expired) draft for just such an object:
>>>> http://tools.ietf.org/html/draft-huston-sidr-aao-profile-03
>>>>
>>>
>>> and I can push it out again.
>>>
>>> Andrew, I assume you are serious in claiming that this would be useful to
>>> have in this context.
>>>
>>> Geoff
>>>
>>> _______________________________________________
>>> sidr mailing list
>>> sidr@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sidr
>>
>
> --
>
> Geoff Huston
> Chief Scientist, APNIC
>
> +61 7 3858 3100
> g...@apnic.net