nanog mailing list archives
Re: IRRD & exceptions to RPKI-filtering
From: Richard Laager <rlaager () wiktel com>
Date: Mon, 12 Feb 2024 18:25:25 -0600
On 2024-02-12 18:12, Job Snijders wrote:
On Mon, Feb 12, 2024 at 05:01:35PM -0600, Richard Laager wrote:On 2024-02-12 15:18, Job Snijders via NANOG wrote:On Mon, Feb 12, 2024 at 04:07:52PM -0500, Geoff Huston wrote:I was making an observation that the presentation material was referring to "RPKI-Invalid" while their implementation was using "ROA-Invalid" There is a difference between these two terms, as I'm sure you're aware.I'm sure Job is aware, but I'm not. Anyone want to teach me the difference?
... more good explanation snipped ...
A ROA can be invalid (for example, because its X.509 EE certificate expired); a BGP route can be invalid (because no valid RPKI ROA attest that the route could originate from the ASN at hand), and an IRR object can be invalid (because no Valid ROA attest the route object's "origin:" could originate the prefix at hand).
Thanks!This makes perfect sense now that you say it. I just wasn't seeing it immediately before. I figured best to ask and learn something. :)
-- Richard
Current thread:
- IRRD & exceptions to RPKI-filtering Job Snijders via NANOG (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Geoff Huston (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Job Snijders via NANOG (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Richard Laager (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Job Snijders via NANOG (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Richard Laager (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Geoff Huston (Feb 13)
- Re: IRRD & exceptions to RPKI-filtering Job Snijders via NANOG (Feb 12)
- Re: IRRD & exceptions to RPKI-filtering Geoff Huston (Feb 12)