Andrew,

On Feb 24, 2011, at 1:17 AM, Andrew Lange wrote:
> Given the thread, I can understand your frustration.  And, I could have made 
> myself more clear.  I'll try:  given the policies that AS_B might be 
> implementing, we cannot know for certain, without AS_B publishing their 
> policies, if AS_B should in fact be announcing which of AS_A's routes or in 
> what form, hence the use of the term "Plausible." 

Assume a model where the AS path is signed such that the recipient is able to 
verify that for each arc in the path, the further AS did sign it to the closer 
AS.  To take your example and extend it, suppose we have

        AS_A --> AS_B --> AS_C --> AS_D

(A announces a route to B announces it to C announces it to D.)  If D is able 
to verify the signature on the (B, C) arc, then it knows (for some value of 
"knows" of course :-) that B did actually send the route to C.  Whether that 
fulfills "AS_B should in fact be announcing which of AS_A's routes or in what 
form" I leave it to you to interpret -- it doesn't protect against a policy 
misconfiguration on the announcing router of AS_B.  An abstract representation 
of AS_B's policy could do that, but functionality like that is beyond the scope 
of the proposed charter item.  The fact that systems to provide exactly this 
kind of abstract policy publication have fallen into disrepute doesn't fill me 
with optimism about this approach, despite my own personal history with it.

I interpret the proposed charter item to be asking not "if AS_B *should* in 
fact be announcing which of AS_A's routes or in what form" but rather roughly 
"if AS_B *did* in fact announce which of AS_A's routes and in what form".

--John
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
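
The per-arc signing model described in the message above, as an added example that is not part of the original post or of any sidr document. It assumes a made-up arc encoding and hypothetical function names, and uses Lamport one-time signatures purely as a standard-library stand-in for a real signature algorithm.

```python
import hashlib
import os

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair (stand-in signature scheme, stdlib only).
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def arc_msg(prefix, path, nxt):
    # The sender path[-1] attests: "I sent `prefix` with this path to `nxt`".
    return f"{prefix}|{'>'.join(path)}|{nxt}".encode()

def announce(sk, prefix, path, sigs, nxt):
    # path[-1] signs the arc to `nxt` and appends it to the signatures so far.
    return sigs + [sign(sk, arc_msg(prefix, path, nxt))]

def verify_path(pubs, prefix, path, sigs, me):
    # `me` checks every arc hops[i] -> hops[i+1], including the one to itself.
    hops = path + [me]
    return len(sigs) == len(path) and all(
        verify(pubs[hops[i]], arc_msg(prefix, hops[:i + 1], hops[i + 1]), sigs[i])
        for i in range(len(path)))

def demo():
    names = ["AS_A", "AS_B", "AS_C"]          # constructed example ASes
    keys = {n: keygen() for n in names}
    pubs = {n: pk for n, (sk, pk) in keys.items()}
    prefix, sigs = "192.0.2.0/24", []          # documentation prefix
    for i, n in enumerate(names):              # A -> B -> C -> D
        nxt = (names + ["AS_D"])[i + 1]
        sigs = announce(keys[n][0], prefix, names[:i + 1], sigs, nxt)
    ok = verify_path(pubs, prefix, names, sigs, "AS_D")
    # AS_C drops AS_B from the path, replaying the signatures it holds.
    forged = verify_path(pubs, prefix, ["AS_A", "AS_C"], [sigs[0], sigs[2]], "AS_D")
    return ok, forged
```

`demo()` returns `(True, False)`: the shortened path fails because AS_A's signature names AS_B as the next hop. The passing result shows only that each AS did send the route to the next one; nothing in the signed data encodes export policy, so a route sent through misconfiguration verifies the same way.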
