Roque Gagliano wrote:
the problem is that what you want to sign is the authorization for a
set of RLOC receive traffic destinated for a particular EID prefix,
and you want the RLOC to probably change in time. That is not
different that the ROA case, where you want the origin ASN to change
in time.
I've always been thinking about it the other way around i.e., what we
want to check is the authorization to direct an EID prefix to whatever
RLOCs it so pleases.
I haven't thought about the tradeoffs between the two approaches though.