Geoff Huston wrote: > three weeks ago I asked: > >> It seems to me that the essential requirements for securing proxy >> aggregation are missing at this stage, which makes it somewhat >> difficult for SIDR to work on mechanisms without some re-spinning >> of the SIDR WG Charter (or some other WG) that would permit the >> preliminary work on security requirements relating to proxy >> aggregation to come first. >> >> So my question to the WG Co-chairs is: is work on securing Proxy >> Aggregation within the current SIDR charter? If so, on what basis? > > I would hope that by now the WGchairs have had sufficient time to > consider this question, so I'd like to ask once more: Is work on > securing Proxy Aggregation within the current SIDR Charter? If so, > on what basis?
(Apologies, this got lost (the original question) in other issues.) Sandy did respond (phew!) but as a person in the group: My (personal) feeling is that looking at the use of Proxy Aggregation in the DFZ today shows a very small number of routes (less than 1% by [email protected]'s measurements) and almost all of these looked like misconfig/mistake issues. I think trying to decide how to authenticate proxy-aggregated routes is a more difficult task than we should try to tackle. Is this route signed by the original as-owner or the aggregator as an origin signing, or some set? how do you determine what set? ugh... If at all possible we should avoid this, it will open up issues and add complication for something that is not in common/proper use today. -chris _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
