On Wed, Apr 11, 2012 at 12:17:40PM -0400, Jakob Heitz wrote: > Confeds are out of scope. > > VPN address families are out of scope.
Meaning that the AS_PATH has to be present. No? (I suspect you mean yes. That's the matter at hand.) > If the BGPSEC path does not match the AS_PATH, the update > is invalid. You mean a 1:1 match of ASes including prepend counts? If so, that's at least an opinion. :-) > The validity of an update is used as an input to route selection. > If you have been replace/override/removing ASNs, you are free to > use that information in route selection too. That depends on path validity. If you require that the AS_PATH and the signature are identical (or potentially accommodate transparent ASes of length 0), you can't do a number of those things without rendering the route invalid. Again, deployment issues. > IOW, the BGPSEC validity of an update does not necessarily > prevent you from using the update if you have inside knowledge > about AS path mucking. How you use the BGPSEC validity in > your route selection is a private matter. In general, I agree. The particulars have consequences. -- Jeff _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
