Vishwas,
I replied to your message from Feb 27, back in that time frame. I noted that:
- the RPKI is the first step toward providing better BGP security
- the SIDR WG understands the limitations of using ROAs for origin
AS validation (vs. full path validation)
- both the soBGP and the SBGP proposals rely on a PKI of the sort that
the SIDR work is standardizing
- use of ROAs and the RPKI allows one to more readily distinguish
between benign errors and malicious attacks, which is valuable
I don't think that your 1-page I-D is a useful characterization of
the motivation for the SIDR work, or the residual secruity issues to
be addressed after the RPKI foundation is standardized. I do think
we should make sure that the SIDR architecture document capture these
issues, e.g., in the secruity considerations section.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
