Hi Nick!

On 6 Nov 2024, at 15:34, Nick Hilliard <n...@foobar.org> wrote:

> The chairs cruelly cut off questions from the microphone,

So, so cruel.

> but I was going to ask about rfc9255 - "The 'I' in RPKI Does Not Stand for 
> Identity". It looks like you're aiming to use the RPKI as an identity 
> mechanism to associate the owner of a number resource with the number 
> resource itself.

Kind of.

We think we want to validate published ROA (and, where necessary, ASPA) objects 
in order to determine whether we are authorised to originate a prefix.

We know that we also need a way to match a specific customer identity to the 
resources, for which we imagine we can figure something out using signed 
checklists.

However, this document is adjacent to all of that. In a world where we have 
figured out the right way to do the stuff above, and we no longer have a need 
to collect LOAs from customers, what artefact do we send to peers and transit 
providers who themselves require ROAs? The answer we propose is a 
minimally-structured, unsigned document that is intended to be human-readable 
and which tells the recipient how and why we think we are authorised to send 
them a prefix.

We can hope that over time the set of such peers and transit providers becomes 
empty (as it apparently is already for Ben) but we know that today, for us, we 
still need to do this.


Joe

_______________________________________________
GROW mailing list -- grow@ietf.org
To unsubscribe send an email to grow-le...@ietf.org
