>> 2a. If you have a business relationship with this other party, then you >> already have an enforcement mechanism at hand --signatures and other >> sorts of things won't provide anything additional. > > Actually, this is not strictly true.
> B and A are peers. Which means they have a business relationship... > The agreements between A and C, and between B and C, prohibit C sending > anything > other than C's own routes to A and B. The only way A and B would know they are C's upstream is for them to tell one another about it --as you say, this isn't possible within BGP. According to the folks I've talked to, BGPSEC was specifically not designed to resolve the problem you're discussing, and there is no way within the specification to resolve this problem. :-) Russ _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
