> Basically, if you have BGPsec enabled with a given peer, you might get > a combination of signed and unsigned from that peer - but for a given prefix, > you MUST only get one or the other. Invalid-sig != unsigned. > > Accepting unsigned as a "fast" short-cut is insane, frankly.
Why? BGPSEC does not prevent route leaks (MITM) BGPSEC does not prevent intercept BGPSEC is not a panacea _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
