and will all rirs issue an as0 for 10/8? nice. at least, if i use net 10 internally, my local root ca's roas for it will override your 5 or whatever as0 roas.
This is a good operating model I think. If I wanted some assurance of internal intent, I would do this. A SLURM file is simpler, less overhead, but I would probably do what you are doing here. (I don't have this burden, I don't operate routing-active systems)
We proposed this during initial deployment to ensure we had a make-before-break outcome for relying parties, but it does reduce uptake (during the test period at best <100 people have participated)
perhaps because ops seem disinclined to complex tal management.
Yes. I think that's very likely but we are talking about a small number at this stage, the distinction here being what is included in s/w distribution for most people.
If we include the AS0 under the mainline TAL, then this is 'opt out' behaviour for RPs (they would have to do conscious work e.g. locally managed SLURM) to re-validate prefixes, rather than opt-in.
back to an unauthenticated slurm, eh?
Well caught. I think use of this kind of "magic override" is not the first preference, but it's logistically simple. I don't like the model of sourcing a SLURM file from outside. It's a local-override mechanism. Di Ma published how to distribute SLURM over trusted communications, and I commented about how I still feel uncomfortable about the lack of validation in what SLURM says.
randy, who also did not like or use the dnssec dlv hack
Neither did I FWIW. -G
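
The local SLURM override discussed in this thread, as an added example that is not part of the original messages: a relying party filters an AS0 VRP for net 10 out of its validated set and asserts its own origin, following the RFC 8416 file layout. The ASNs, the second VRP and the route being checked are constructed sample values.

```python
import ipaddress
import json

# Constructed SLURM file in the RFC 8416 layout; prefix and ASN are sample values.
SLURM = json.loads("""
{"slurmVersion": 1,
 "validationOutputFilters": {
   "prefixFilters": [{"prefix": "10.0.0.0/8", "asn": 0, "comment": "drop AS0 VRP"}],
   "bgpsecFilters": []},
 "locallyAddedAssertions": {
   "prefixAssertions": [{"asn": 64512, "prefix": "10.0.0.0/8", "maxPrefixLength": 24}],
   "bgpsecAssertions": []}}
""")

# Constructed VRPs as (prefix, maxLength, asn); the first stands in for an AS0 ROA.
VRPS = [("10.0.0.0/8", 8, 0), ("198.51.100.0/24", 24, 64497)]

def covers(outer, inner):
    """True when prefix `inner` is equal to or more specific than `outer`."""
    o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def apply_slurm(vrps, slurm):
    """Drop VRPs matched by any prefixFilter, then append the local assertions."""
    filters = slurm["validationOutputFilters"]["prefixFilters"]
    def dropped(vrp):
        prefix, _, asn = vrp
        return any(("prefix" not in f or covers(f["prefix"], prefix))
                   and ("asn" not in f or f["asn"] == asn) for f in filters)
    out = [v for v in vrps if not dropped(v)]
    for a in slurm["locallyAddedAssertions"]["prefixAssertions"]:
        default_len = ipaddress.ip_network(a["prefix"]).prefixlen
        out.append((a["prefix"], a.get("maxPrefixLength", default_len), a["asn"]))
    return out

def validate(route, origin, vrps):
    """RFC 6811 origin validation: valid, invalid or not-found."""
    covered = False
    for prefix, max_len, asn in vrps:
        if covers(prefix, route):
            covered = True
            # AS0 never matches an origin, so an AS0 VRP can only invalidate.
            if asn != 0 and asn == origin and ipaddress.ip_network(route).prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

if __name__ == "__main__":
    print(validate("10.1.0.0/16", 64512, VRPS))
    print(validate("10.1.0.0/16", 64512, apply_slurm(VRPS, SLURM)))
```

Nothing in the file is signed: the override is trusted only because the operator placed it on the validator, which is the "unauthenticated" property raised above.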