On Aug 9, 2011, at 9:42 PM, George Michaelson wrote:
>
> Also, "newly designed" seems a bit strong. This is BGP + signing chains, isn't
> it? It's not re-entering from the top clean state.

A BGPSEC-enabled routing system looks a lot different than BGP... But let's say "new functionality" for periodic v. triggered updates, you ok with that? :-)

> I am still struggling to understand how Path prepend is going to work. What I
> heard suggests it's going to have to be administratively constrained to be
> sign-able. At the edge it's more in the hands of the origin AS but beyond that
> where does the permission to play with the path come from?

That's orthogonal, perhaps you should have a look at Doug's slides and mailing list discussion related to pCNT, which has its own set of issues.

> I guess I live in a margin where they are research TOOL and you sometimes
> remove TOOLS. If they were added for another purpose, what I get from them
> (which is not much btw, but they get talked about in my hearing) is not the
> core motivation.

Again, adding periodic updates to BGP is far from a trivial change from where we are today, and simply to "reduce the vulnerability window for replay attacks" I'm not convinced we can get to any frequency where such a fundamental architectural element is worth the investment.

-danny
