| rfc9632v2.txt | rfc9632.txt | |||
|---|---|---|---|---|
| skipping to change at line 484 ¶ | skipping to change at line 484 ¶ | |||
| If the geofeed file is signed, and the signer's certificate changes, | If the geofeed file is signed, and the signer's certificate changes, | |||
| the signature in the geofeed file MUST be updated. | the signature in the geofeed file MUST be updated. | |||
| It is good key hygiene to use a given key for only one purpose. To | It is good key hygiene to use a given key for only one purpose. To | |||
| dedicate a signing private key for signing a geofeed file, an RPKI | dedicate a signing private key for signing a geofeed file, an RPKI | |||
| Certification Authority (CA) may issue a subordinate certificate | Certification Authority (CA) may issue a subordinate certificate | |||
| exclusively for the purpose shown in Appendix A. | exclusively for the purpose shown in Appendix A. | |||
| Harvesting and publishing aggregated geofeed data outside of the RPSL | Harvesting and publishing aggregated geofeed data outside of the RPSL | |||
| model should be avoided as it can have the effect that more specifics | model should be avoided as it could lead to detailed data of one | |||
| from one aggregatee could undesirably affect the less specifics of a | aggregatee undesirably affecting the less detailed data of a | |||
| different aggregatee. Moreover, publishing aggregated geofeed data | different aggregatee. Moreover, publishing aggregated geofeed data | |||
| prevents the reader of the data from performing the checks described | prevents the reader of the data from performing the checks described | |||
| in Section 4 and Section 5. | in Section 4 and Section 5. | |||
| At the time of publishing this document, geolocation providers have | At the time of publishing this document, geolocation providers have | |||
| bulk WHOIS data access at all the RIRs. An anonymized version of | bulk WHOIS data access at all the RIRs. An anonymized version of | |||
| such data is openly available for all RIRs except ARIN, which | such data is openly available for all RIRs except ARIN, which | |||
| requires an authorization. However, for users without such | requires an authorization. However, for users without such | |||
| authorization, the same result can be achieved with extra RDAP | authorization, the same result can be achieved with extra RDAP | |||
| effort. There is open-source code to pass over such data across all | effort. There is open-source code to pass over such data across all | |||
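Review bot: In the changed sentence of the "Harvesting and publishing aggregated geofeed data" paragraph, neither wording says precisely what is affecting what. The rfc9632v2.txt text "more specifics from one aggregatee could undesirably affect the less specifics of a different aggregatee" reads as routing shorthand and stacks two hedges ("can have the effect that ... could"). The rfc9632.txt text "detailed data ... less detailed data" is plainer but no longer indicates what kind of detail is meant. If the concern is more-specific prefixes from one source overriding a covering, less-specific prefix from another, say so explicitly with "more-specific prefixes" and "less-specific prefixes", and keep a single "could". The term "aggregatee" is also not glossed anywhere in the visible context; a short definition at first use would help a reader who lands on this paragraph directly.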
| End of changes. 1 change blocks. | ||||
| 2 lines changed or deleted | 2 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||