>>> I can not believe that it will be 2X.
It will likely be worse. > Now, for a regular update that changes the bestpath, the signature > will likely come later (in my proposal). If it replaces an existing > valid path, the bestpath will not change until the signature arrives. > If it replaces no path, then the regular update will produce a bestpath > change, but the signature will not. So you are arguing that if you have two signed paths, and you receive a new unsigned path replacing one of the signed paths --in fact, replacing the signed path that is currently your bestpath-- you would keep using the old bestpath even though it has a lower security preference than the other existing signed path. How does a system that says, "replay attacks are okay, you may accept unsigned information over signed information, it's okay if timers are expired, it's okay if AS' in the middle of that path can be attacked through replays, etc.," really provide security? I'm seeing a lot of work for little to no net gain here. :-) Russ _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
