> On 27 Jun 2017, at 19:04, Tim Bruijnzeels <t...@ripe.net> wrote:
> 
> 
>> On 27 Jun 2017, at 06:19, Declan Ma <m...@zdns.cn> wrote:
>> 
>>> 2)  Regarding keys, “only in combination with an asserted ASN for that 
>>> key,” not on the key alone
>> 
>> 
>> I think it’s reasonable to make it obligatory to do filtering on the SKI in 
>> combination with an asserted ASN. 
>> 
>> We authors will be figuring out how to get this done after WGLC.
> 
> Or.. should we only allow filtering on asserted ASN? Is there a good use case 
> for saying: “I know *this* key is bad for *this* ASN, but I am willing to 
> accept assertions by this same ASN for other keys?”

There is a use case.

An ASN holder authorized more than one router to do BGP announcements. Yet the 
peering ISP just wants to ignore one of the routers, with other authorized 
routers remaining unaffected.


> 
> I kind of suspect that if you don’t trust one of the assertions made by the 
> ASN (for whatever reason), you probably don’t want to trust any of their 
> assertions.

It has nothing to do with trust in the ASN. I believe we should keep this as a 
chance for local control.

Di
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
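
The two filter granularities debated in this thread, as an added example that is not part of the original messages or of the draft under discussion: an ASN-only filter drops every router key asserted for that AS, while an ASN+SKI filter drops one router and leaves the others. The class and function names, AS numbers and SKI values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


def norm_ski(ski: str) -> str:
    """Normalize a hex SKI so 'AB:CD' and 'abcd' compare equal."""
    return ski.replace(":", "").strip().lower()


@dataclass(frozen=True)
class RouterKeyAssertion:      # hypothetical name
    asn: int                   # AS the router key is asserted for
    ski: str                   # Subject Key Identifier of the router key (hex)


@dataclass(frozen=True)
class LocalFilter:             # hypothetical name
    asn: Optional[int]         # required: no filtering on the key alone
    ski: Optional[str] = None  # None means "every key asserted for this ASN"

    def __post_init__(self) -> None:
        if self.asn is None:
            raise ValueError("filter must name an asserted ASN")

    def matches(self, a: RouterKeyAssertion) -> bool:
        if a.asn != self.asn:
            return False
        return self.ski is None or norm_ski(self.ski) == norm_ski(a.ski)


def apply_filters(assertions: List[RouterKeyAssertion],
                  filters: List[LocalFilter]) -> List[RouterKeyAssertion]:
    """Return the assertions that survive every local filter."""
    return [a for a in assertions if not any(f.matches(a) for f in filters)]


# Constructed sample data: AS 64496 has authorized two routers, AS 64497 one.
SKI_R1 = "11" * 20
SKI_R2 = "22" * 20
ASSERTIONS = [
    RouterKeyAssertion(64496, SKI_R1),
    RouterKeyAssertion(64496, SKI_R2),
    RouterKeyAssertion(64497, SKI_R1),  # same SKI under another ASN (edge case)
]

if __name__ == "__main__":
    print("ASN+SKI filter keeps:", apply_filters(ASSERTIONS, [LocalFilter(64496, SKI_R1)]))
    print("ASN-only filter keeps:", apply_filters(ASSERTIONS, [LocalFilter(64496)]))
```

The third sample assertion shows why the SKI is matched only together with the ASN: the same key identifier asserted for a different AS is left untouched.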
