IRRD & exceptions to RPKI-filtering

Richard Laager rlaager at wiktel.com
Tue Feb 13 00:25:25 UTC 2024


On 2024-02-12 18:12, Job Snijders wrote:
> On Mon, Feb 12, 2024 at 05:01:35PM -0600, Richard Laager wrote:
>> On 2024-02-12 15:18, Job Snijders via NANOG wrote:
>>> On Mon, Feb 12, 2024 at 04:07:52PM -0500, Geoff Huston wrote:
>>>> I was making an observation that the presentation material was
>>>> referring to "RPKI-Invalid" while their implementation was using
>>>> "ROA-Invalid". There is a difference between these two terms, as I'm
>>>> sure you're aware.
>>
>> I'm sure Job is aware, but I'm not. Anyone want to teach me the
>> difference?

... more good explanation snipped ...

> A ROA can be invalid (for example, because its X.509 EE certificate
> expired); a BGP route can be invalid (because no valid RPKI ROA attests
> that the route could originate from the ASN at hand), and an IRR object
> can be invalid (because no Valid ROA attests the route object's "origin:"
> could originate the prefix at hand).

Thanks!

This makes perfect sense now that you say it. I just wasn't seeing it 
immediately before. I figured best to ask and learn something. :)

-- 
Richard

