[address-policy-wg] [Ticket#2013022101004151] Policy update request on certification of transferred IPv4 allocations
- Previous message (by thread): [address-policy-wg] [Ticket#2013022101004151] Policy update request on certification of transferred IPv4 allocations
- Next message (by thread): [address-policy-wg] Policy update request on certification of transferred IPv4 allocations
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nigel Titley
nigel at titley.com
Wed Feb 27 16:48:40 CET 2013
On 27/02/2013 14:42, Wilfried Woeber wrote: > Hi Alex, > > Alex Band wrote: > > [...] >> As soon as the Registry is updated and the resources are associated with >> the new holder, the LIR can optionally request a resource certificate for it. >> This does mean that a transition is not seamless; there is a gap where there >> is no certificate and no ROA, which has an effect on the RPKI validity state >> of the associated BGP announcements. More on that below. > Let's assume that there was a certificate for the full block of the current > holder. Part of that space moves to a new holder. While it is "obvious", that > there's no certificate for that space, it would also be "obvious", that the > encompassing certificate would have to become invalid, e.g. by being revoked > by the CA. Correct? > > If the answer is yes, such a transfer would endanger the routing stability of > *both* parties? > Yes, but from a practical point of view, the current holder will obtain a new certificate before relinquishing the partial block and the new holder will get a new certificate before using it. Nigel
- Previous message (by thread): [address-policy-wg] [Ticket#2013022101004151] Policy update request on certification of transferred IPv4 allocations
- Next message (by thread): [address-policy-wg] Policy update request on certification of transferred IPv4 allocations
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]