>The model I have long (>30 years) employed is that if the security checks
>succeed, the protocol should operate as before (i.e., w/o the added security
>mechanisms), because the environment is seen as benign.
---snip---
>I'd like to think that the BGPSEC mechanisms are being developed in a way that
>tries to adhere to this paradigm.

Steve,

In light of your above observations, how do you reflect on the pCount field in BGPSEC? It is not part of the current BGP-4. In BGPSEC, pCount = 0 is used to denote a transparent IXP AS, and the transparent IXP AS number is included in the BGPSEC update (whereas BGP-4 practice was not to include it in the update). And the sum of pCounts for all ASs must now be used to determine the AS path length.

Also, in the latest bgpsec-protocol document, we have eliminated the AS_PATH attribute. There are only the NLRI and Signature-Segment fields. The ASNs and the pCounts need to be pulled from the various Signature-Segments in order to construct the AS path.

Would you or would you not characterize all this as a change in how the protocol operates (when the security checks have succeeded)?

Sriram
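
Added example, not part of the original message or of any BGPSEC implementation: a sketch of how a receiver could pull ASNs and pCounts out of the Signature-Segments to rebuild a BGP-4 style AS path and compute its length as the sum of pCounts. The `SignatureSegment` type, the segment ordering (most recent signer first), the reading of pCount as a repetition count, and the sample ASNs are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class SignatureSegment:
    """Simplified, hypothetical view of one Signature-Segment: only the ASN
    and pCount discussed in the message (signature bytes omitted)."""
    asn: int
    pcount: int


def signed_asns(segments: List[SignatureSegment]) -> List[int]:
    """ASNs present in the BGPSEC update, transparent IXP AS included."""
    return [seg.asn for seg in segments]


def derive_as_path(segments: List[SignatureSegment]) -> Tuple[List[int], int]:
    """Rebuild a BGP-4 style AS path and its length from Signature-Segments.

    Assumptions: segments are listed most recent signer first, and pCount is
    how many times an ASN counts toward the path (0 = transparent IXP AS).
    """
    path: List[int] = []
    length = 0
    for seg in segments:
        if seg.pcount < 0:
            raise ValueError(f"invalid pCount {seg.pcount} for AS{seg.asn}")
        path.extend([seg.asn] * seg.pcount)  # pCount 0 contributes nothing
        length += seg.pcount                 # path length = sum of pCounts
    return path, length


# Constructed sample using documentation ASNs (RFC 5398); AS64497 plays the
# transparent IXP AS and AS64498 counts twice toward the path.
SAMPLE = [
    SignatureSegment(64496, 1),
    SignatureSegment(64497, 0),
    SignatureSegment(64498, 2),
    SignatureSegment(64499, 1),
]

if __name__ == "__main__":
    path, length = derive_as_path(SAMPLE)
    print("ASNs signed in update:", signed_asns(SAMPLE))
    print("Path for best-path selection:", path, "length", length)
```

In this sample the update carries four signed ASNs, while the path derived for route selection omits the transparent IXP AS and has length 4, the sum of the pCounts.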
