Hi Doug,

Actually, I am not that concerned with what the spec will recommend for the operator to do. I am more concerned with what the router's default should be.

Considering the example below, should it be: to prefer a signed longer path versus an unsigned shorter one?

Specifically, I am asking: where does the signed vs. unsigned decision step insert itself into today's BGP best path decision?

Should it be complete chaos by allowing full freedom for the local operator's configuration? Should the default be "Do not care" if this is signed or unsigned ... just run your BGP best path as today?

Thx,
R.

Sorry, my bad. I somehow thought you were talking about two different
PATH elements in the same update. That assumption made your questions
sound bizarre. I am sure my misunderstanding made my answers sound
equally bizarre.

So, yes if they are different updates for the same prefix received from
different peers ... Then of course this will happen all the time.

As for if you somehow prefer the signed path over the unsigned path, in
the end that is a local decision.  I think there is/will be strong wording
that one SHOULD choose the signed and valid path because at the moment
there is no explicit way of distinguishing that a path should have been
signed, and as a result, there is a simple downgrade attack to strip the
PATHSIG, if one is not strictly preferring signed over unsigned paths.

One could think of fixing this by having ASes push an object in the RPKI
that says "I am signing my paths", then it would be possible to detect the
simple downgrade attack. I guess one might think of AS_CERTS as such a
signal, but that is a bit problematic WRT timing issues.  The right way to
do it would be some other explicit object.

Anyway, to answer your question below, one SHOULD choose the second path,
but I doubt the specs will ever say you MUST choose the second path.

dougm

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
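
The trade-off discussed in this thread, as an added example that is not part of either message or of any specification: a toy best-path selection run under three receiver policies, showing how a shorter path with its signature stripped wins when signing is ignored, and how a declared list of signing ASes lets the receiver drop it without strictly preferring signed paths. The `Route` model, the policy names, the `SIGNING_ASES` set (standing in for the "I am signing my paths" object), the placement of the signed check after LOCAL_PREF, and the AS numbers (documentation range) are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    peer: str
    as_path: tuple       # leftmost = neighbour AS, rightmost = origin AS
    signed_valid: bool   # path signature present and validated
    local_pref: int = 100

# Hypothetical stand-in for RPKI objects saying "I am signing my paths".
SIGNING_ASES = frozenset({64496, 64497, 64498, 64500})

def should_have_been_signed(route, signing_ases=SIGNING_ASES):
    """True when every AS on the path has declared that it signs."""
    return all(asn in signing_ases for asn in route.as_path)

def best_path(routes, policy, signing_ases=SIGNING_ASES):
    """policy is 'ignore', 'prefer_signed' or 'detect_downgrade'."""
    candidates = list(routes)
    if policy == "detect_downgrade":
        # Drop unsigned routes whose whole path claims to sign.
        candidates = [r for r in candidates
                      if r.signed_valid
                      or not should_have_been_signed(r, signing_ases)]

    def key(r):
        # Assumed placement: after LOCAL_PREF, before AS path length.
        unsigned_penalty = int(policy == "prefer_signed" and not r.signed_valid)
        return (-r.local_pref, unsigned_penalty, len(r.as_path), r.peer)

    return min(candidates, key=key) if candidates else None

# Constructed sample: three updates for one prefix from different peers.
ROUTES = [
    Route("peer-a", (64500, 64498, 64497, 64496), True),   # signed, longest
    Route("peer-b", (64497, 64496), False),                # signature stripped
    Route("peer-c", (64499, 64497, 64496), False),         # 64499 does not sign
]

if __name__ == "__main__":
    for policy in ("ignore", "prefer_signed", "detect_downgrade"):
        print(policy, "->", best_path(ROUTES, policy).peer)
```

In this model the declaration only helps when every AS on the received path has published it; a path that includes a non-declaring AS, such as the one from `peer-c`, cannot be told apart from a stripped one.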