Greetings, I have a suggestion to draft-ymbk-bgpsec-reqs that is somewhat related to Andrei's proposal, and was previously mentioned in the Friday SIDR meeting. It also arises out of a concern that BGPSEC could make the global routing system more fragile.
The proposed BGPSEC protocol includes a dependence on loosely synchronized time. I understand that time is the easiest means of obtaining freshness of the origin's BGPSEC signature. But it does add a practical requirement that BGP routers be dependent on an ntp time server, which was not the case previously. I'm sure there are a number of strategies that can be deployed to minimize this dependence, but in any case I suggest that the bgpsec-reqs document describe what restrictions and/or allowances BGPSEC has on other network services. Personally, I'm leery of making Internet routing dependent on ntp so would prefer the requirement be no weaker than the following proposal:

3.xx A BGPSEC design MAY be dependent on network services other than BGP (e.g., ntp) but SHOULD attempt to avoid such a dependency.

Brian

_______________________________________________
sidr mailing list
https://www.ietf.org/mailman/listinfo/sidr
