>> 2. Private ASNs (as pointed out in the SecDir review) are commonly
>> used for stubs.
> This document should include something (I’m thinking in the Ops
> Section) about the protocol considerations: there must be a ROA from
> the resource owner for the ISP to properly re-originate the Update,
> etc..
that is not the core of the problem. the bgpsec protocol doc has to
specifically say that the public AS upon receiving the update from the
private AS
o if the private signed to the public, public should check sig, then
strip it and then might sign as the originating AS or might not. on
what criteria does it decide?
o if the private did not sign, the public might sign or it might not.
on what criteria does it decide?
as i said, once you burn that in, i will hack the ops doc
randy
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
