> A---B---C---D
>     |       |
>     +---E---+
>
> "A sends an advertisement to B, B sends it to C, but B does not send it
> to E. Your argument is that BGPSEC prevents D from using the path
> through E by including in the update a series of signatures."
>
> I don't see this putting policy in BGP, I don't think anyone has
> stated that you should send along alternate path info with: "Hey, but
> don't use this" bits set.

What is the signature's existence in the advertisement from C, but its non-existence in the advertisement from E, supposed to mean to D?

Not to use the path through E. By adding the signature to the path through C, you've told D not to use other paths, even if they really exist. Without the signature, D would have to pick the phone up and ask. With the signature, they don't need the phone call. If you don't need the phone call to know what B's policy is, you've added the policy to the protocol.

The point is you've gone beyond the existence of the path here to the rightful use of the path -- and that is policy.

Russ

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
