On 2023-06-25 14:10, Owen DeLong wrote:
On Jun 25, 2023, at 11:06, Brian Knight <m...@knight-networks.com>
wrote:
Hi Owen,
If I understand the below right, the assigner / upstream may delegate
authority (create ROAs) to originate the route, but may not delegate
management of that authority to the assignee.
They must be able to delegate the management also (delegated RPKI) or
RPKI doesn’t work.
I believe this limitation may existing in Hosted RPKI (which is
admittedly way more popular than it should be).
Understood. I'm writing in the context of hosted RPKI. Sorry if that
wasn't clear.
[snip]
Managing ROAs isn't an onerous workload for me in particular. But it
may be for others. It would also more closely match what is possible
in IRR.
The upstream still needs to sign the resulting ROAs for the system to
maintain integrity. Not sure you can work around that.
If there were a workflow where an assignee could create an ROA and then
send it to the assigner for signing before publishing, I could see that
working for this use case.
Thanks!
-Brian
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML@arin.net).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact i...@arin.net if you experience any issues.
