On Sun, Jan 30, 2011 at 5:08 PM, Jack Bates <jba...@brightok.net> wrote: > Just a simple, if route invalidly signed, drop it.
What constitutes a invalidly signed route more exactly? Would a signed route by a signer (ISP) who's status has been revoked by an entity in the RPKI-hierarchy-of-trust above (for whatever reason), be considered invalid? For example, if the Egyptian government orders an entity situated somewhere in the verification trust-chain to revoke the trust-chain for some prefixes below, because it prefers these prefixes to not be reachable by anyone, that wouldn't be very good, would it? Not seeing the upside of that model at all. Why would anyone want that? Cheers, Martin
