Tim Bruijnzeels wrote on 26/11/15 13:29: > Please note that for ROAs there is a requirement that all ROA > prefixes are included on the EE certificate of the (ROA) signed > object CMS. This proposal does not change this. A ROA that has > prefixes that were removed for whatever reason higher in the path > would still become invalid using this algorithm.
Tim, I am not sure I understand this. If the parent of the EE cert has a shrunken set of resources, will it invalidate the EE or only the non-overlapping subset? Andrei
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr