On Thu, Nov 21, 2013 at 5:48 PM, Geoff Huston <[email protected]> wrote:
> but in our haste to comply with the timelines dictated by DHS's project funding
> I guess we've got what DHS were prepared to pay for, and not what we actually
> wanted or need. And for many it's an unsatisfactory outcome.
just asking about one part here... so DHS aside, because i'm not sure
that who the funder is is relevant to the work, exactly... what
options are there for securing more than the aspath?
for example: origin ?
metric
communities
pick other attributes...
all of these are subject to change today, none of them seem to have a
great deal of useful meaning beyond the first as-hop? This topic came
up a bit with discussion about the threats document in SIDR recently,
and I was able to find:
http://tools.ietf.org/html/draft-sriram-bgpsec-design-choices-04#section-2.4
which at least talks about the reason no other attributes were added
to the secured part of the process.
Additionally, the draft in question here still doesn't say how you'd
know 'that's a route leak' more than 1 as-hop away from the 'leak'. (it
also doesn't take into account any of the comments I provided to the
authors :( which is another matter entirely)
-chris
_______________________________________________
GROW mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/grow