At 11:57 PM -0500 1/29/11, Danny McPherson wrote:
...
That said, I do hope we don't assume that discussions of path security in a
routing protocol should be constrained by the RPKI architecture itself.
-danny
Danny,
I'm a bit puzzled by your final comment above.
Path secruity includes the origin AS, and the RPKI is the mechanism
adopted by SIDR to validate the origin AS assertion for an AS path.
So, in that sense, more extensive path secruity approaches will rely
on the RPKI, at least for the origin AS.
I have assumed that folks planned to take advantage of the ASN
assertions in RPKI certs in support of path security mechanisms, in
some form. (For origin AS verification we need only the address
assertions in certs, but we have always described the RPKI as
encompassing both address and ASN allocations.)
I think reliance on the RPKI for validated assertions re both types
of resources is appropriate for path secruity, irrespective of the
mechanisms used to verify As path info.
Steve
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
