> One question that comes up when reading this document. Now that we've > removed the dependency between Origin Validation and Path Validation but > are expecting them to run in parallel with some shared components, do we > need to discuss how BGPSec cert rollover interacts with Origin Validation > cert rollover, possibly giving hints to what a combined rollover process > looks like? Are we expecting that they should be done at the same time, or > that they should NOT be done at the same time, or does it just not matter? > For example, if it's better to have the rolls done separately, then > probably some guidance about the expiry times not lining up might be good. > It's conceivable that if you're doing an emergency roll on account of > compromised keys, you might be doing both at once, regardless of whether > it's a good idea normally, so I think we need to highlight any gotchas > that may be present. Maybe this belongs in the ops doc?
the enumeration of all tuples which do not interact may be dauntingly large randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
