On Tue, Jan 3, 2017 at 6:31 PM, Randy Bush wrote:
> >> ok, i have had coffee.
> >>
> >> as a bif gedanken experiment, posit a global registry where r0 can say
> >> "i can speak bgpsec." i am a distant r1 and receive an unsigned path
> >> with r0 in it.
> >> o did someone before
> Agreed. I guess you could in addition be very clear that a router that
> once negotiated (and/or send) BGPsec (attributes) should not be
> expected to always do so.
whoops! that'll be in -14. thanks.
randy
___
sidr mailing list
sidr@ietf.org
>> ok, i have had coffee.
>>
>> as a bif gedanken experiment, posit a global registry where r0 can say
>> "i can speak bgpsec." i am a distant r1 and receive an unsigned path
>> with r0 in it.
>> o did someone before r0 on the path not speak bgpsec, so the path was
>> never signed?
>> o
Hi Peter,
>At Tue, 3 Jan 2017 09:39:07 +0100,
>Peter Hessler wrote:
>>
>> I'm currently not using bgpsec (or rpki for that matter). BUT, if there
>> was no path to go back, I would never ever use it. Destroying my ASN
>> because I wasn't ready to migrate is a straight-up
Hi Mirja,
>I actually might be mixing this up with some discussion about DNSsec a while
>ago, where the problem was that once enable others will remember that it was
>supported and will not accept non secured requests anymore.
>But as we are talking about this, could there be a similar case
Agreed. I guess you could in addition be very clear that a router that once
negotiated (and/or send) BGPsec (attributes) should not be expected to always
do so. This is implicitly said already, so please decide on your own if you’d
like to add anymore text.
Thanks!
Mirja
> Am 03.01.2017 um
At Tue, 3 Jan 2017 09:39:07 +0100,
Peter Hessler wrote:
>
> I'm currently not using bgpsec (or rpki for that matter). BUT, if there
> was no path to go back, I would never ever use it. Destroying my ASN
> because I wasn't ready to migrate is a straight-up No Go(tm).
yup,
On 2017 Jan 03 (Tue) at 10:37:38 +0900 (+0900), Randy Bush wrote:
:ok, i have had coffee.
:
:as a bif gedanken experiment, posit a global registry where r0 can say
:"i can speak bgpsec." i am a distant r1 and receive an unsigned path
:with r0 in it.
: o did someone before r0 on the path not
ok, i have had coffee.
as a bif gedanken experiment, posit a global registry where r0 can say
"i can speak bgpsec." i am a distant r1 and receive an unsigned path
with r0 in it.
o did someone before r0 on the path not speak bgpsec, so the path was
never signed?
o did someone between us
At Tue, 03 Jan 2017 00:33:49 +0900,
Randy Bush wrote:
>
> hi mirja,
>
> > could there be a similar case here, where a router is known to support
> > BGPsec and others would ignore/drop non-signed announcements?
>
> h. as far as i can remember, this has not actually been
hi mirja,
> could there be a similar case here, where a router is known to support
> BGPsec and others would ignore/drop non-signed announcements?
h. as far as i can remember, this has not actually been discussed.
how would a router be known to support bgpsec? well, if i saw it on a
Hi Randy,
thanks for you quick reply.
I actually might be mixing this up with some discussion about DNSsec a while
ago, where the problem was that once enable others will remember that it was
supported and will not accept non secured requests anymore.
But as we are talking about this, could
> Quick question: I'm by far not an expert here, but I remember that
> there used to be some concerns that it is practical not possible to
> disable BGPsec once enabled. If that's (still) true, should this be
> mentioned here?
i am not sure what you mean, so let me guess.
an established bgp
Mirja Kühlewind has entered the following ballot position for
draft-ietf-sidr-bgpsec-ops-12: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
14 matches
Mail list logo