Hello Rob,
In the routing working group, Andrei presented a summary of the discussion on the lists, but there was very little feedback from the floor, or via Jabber, about which direction to move in.
seems to me that the comments from the list were ignored. The problem we have is mentioned in rfc2725 section d 3
As I recall, Joao said he was going to write a summary of the points to consider and put it out to the routing-wg list, where perhaps there can be some more discussion.
One of the reasons to approach this with caution is that the current behaviour is as described in RPSS (RFC2725), and we'd like to get a bit more feedback on why those authentication rules were chosen to make a better decision on how to change them.
Ok i looked at RFC2725: 9.1 "For example, when authorizing a route object software would look at "mnt-routes", if it does not exist, look at "mnt-lower", if that does not exist look at "mnt-by". " and more interesting: D.3 provider independent addresses and multiple origin AS Provider independent addresses and multihoming arrangement using multiple origin AS present a similar problem to multihoming. The maintainer of the address space and the maintainer of the AS is not the same. Permission can be granted using mnt-routes or multiple signatures can appear on the submission. Well the RFC is from 12/1999 , we have now 2006. Things may change!. Even 1999 people saw the problem and according to the wording in D.3 it is not clear that the mnt-routes must appear in the route object itself. It can also be seen that a mnt-routes in the inetobject itself could be used. Or am i wrong? Winfried --- Headlight Housing Factory | Rechenzentrum: Azenbergstrasse 35 | Neue Bruecke 8 D-70174 Stuttgart | D-70173 Stuttgart Fon: +49 711 2840 0 | e-mail: wh@headlight.de Fax: +49 711 2840 999 | http://www.headlight.de