Let me make sure I'm understanding what you're saying. I can have
multiple ROAs for the same set of prefixes in the repository and valid
at the same time: one signed by a new certificate and one signed by a
previous certificate? If so, I think I now begin to understand why the
SIDR working group believes this is a reasonable strategy.

I guess the only question I'd have remaining is whether ROAs or other
signed objects are intended to be used in other protocols besides simply
living in the SIDR repository?