Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

2017-01-02 Thread Sriram, Kotikalapudi (Fed)
>From: Randy Bush >Sent: Thursday, December 29, 2016 6:02 PM >that is not the core of the problem. the bgpsec protocol doc has to >specifically say that the public AS upon receiving the update from the >private AS > o if the private signed to the public, public should check sig,

[sidr] Review of draft-ietf-sidr-rpki-oob-setup-05

2017-01-02 Thread Roni Even
Reviewer: Roni Even Review result: Ready I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at . Please resolve these comments along with any other Last Call comments you may receive. Document:

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Randy Bush
ok, i have had coffee. as a bif gedanken experiment, posit a global registry where r0 can say "i can speak bgpsec." i am a distant r1 and receive an unsigned path with r0 in it. o did someone before r0 on the path not speak bgpsec, so the path was never signed? o did someone between us

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Chris Morrow
At Tue, 03 Jan 2017 00:33:49 +0900, Randy Bush wrote: > > hi mirja, > > > could there be a similar case here, where a router is known to support > > BGPsec and others would ignore/drop non-signed announcements? > > h. as far as i can remember, this has not actually been

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Randy Bush
hi mirja, > could there be a similar case here, where a router is known to support > BGPsec and others would ignore/drop non-signed announcements? h. as far as i can remember, this has not actually been discussed. how would a router be known to support bgpsec? well, if i saw it on a

Re: [sidr] Confederations and Private ASNs (WAS: AD Review of draft-ietf-sidr-bgpsec-protocol-18)

2017-01-02 Thread Borchert, Oliver (Fed)
See my comments inline On 12/29/16, 6:23 PM, "sidr on behalf of Randy Bush" wrote: >>> 1. It is common to use private ASNs in Confederations, >> but the global RPKI can’t support that. draft-ietf-sidr-slurm seems >> to address the

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Mirja Kuehlewind (IETF)
Hi Randy, thanks for your quick reply. I actually might be mixing this up with some discussion about DNSsec a while ago, where the problem was that once enabled others will remember that it was supported and will not accept non secured requests anymore. But as we are talking about this, could

Re: [sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Randy Bush
> Quick question: I'm by far not an expert here, but I remember that > there used to be some concerns that it is practically not possible to > disable BGPsec once enabled. If that's (still) true, should this be > mentioned here? i am not sure what you mean, so let me guess. an established bgp

[sidr] Mirja Kühlewind's No Objection on draft-ietf-sidr-bgpsec-ops-12: (with COMMENT)

2017-01-02 Thread Mirja Kuehlewind
Mirja Kühlewind has entered the following ballot position for draft-ietf-sidr-bgpsec-ops-12: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer

Re: [sidr] Review of draft-ietf-sidr-bgpsec-pki-profiles-19

2017-01-02 Thread Randy Bush
> potentially repeating BGP IDs not weighing in on the rest. but i am not sure what you mean by bgp id. if it is routerID, those are unique within an AS. randy