"Stephen" == Stephen Kent <kent(_at_)bbn(_dot_)com> writes:
Stephen> The BGPSEC protocol being defined does not pass around ROAs
Stephen> or other RPKI repository objects. It defines two new,
Stephen> signed objects that are passed in UPDATE messages, and are
Stephen> not stored in the repository. These objects are verified
Stephen> using RPKI certs and CRLs, so there is a linkage.
OK, so how will the upgrade work for these signed objects? In
particular during phase 2, when both old and new certs (under the old
and new profile) are in use, what happens with these signed objects?
Can a party generate both old and new signed objects? If so, will the
protocol scale appropriately? If not, how does a party know which
signed object to generate?
Ietf mailing list