Not replying to anyone in particular here. I just want to say though that this exporting of keys of routers makes me nervous. I think this will degrade the level of trust that people can place in bgpsec, and therefore I think it's not a good idea to include this in the standards.
I understand that this may mean that in certain failure scenarios people will find that they haven't provisioned replacement routers. To this I would say:

- BCP should be to provision new hardware in advance, e.g. upon installation. A well documented and simple way to get CSRs out of the router would be useful here.
- The rpki repository and fetch mechanisms should be improved to support propagation of new router certs to RPs in hours max (not days). It should also support a potentially large number of router certs (just like it should be able to support 500k ROAs).
- I think that bgpsec validation semantics should support 'graceful' degradation where an AS may sign some, but not all, updates if they come from different hardware. I think this is also needed for initial, incremental, deployment.

Tim

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
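The provisioning model the first bullet argues for (generate the key on the box, hand out only a CSR, never export the private key) can be exercised in a shell, as an added example that is not part of the original post or of any router vendor's tooling. It assumes `openssl` is installed, uses a directory as a stand-in for the router's key store, and models the subject naming on RFC 8209 (CN `ROUTER-<AS as 8 hex digits>`, `serialNumber` = router ID); the uppercase hex and the AS/router-ID values are constructed sample input.

```shell
# Added example, not from the post: on-box key generation with CSR export.
# The router generates an ECDSA P-256 key pair (the BGPsec router key type)
# and writes it only into its own key store; the CSR is the sole artifact
# that leaves the device. Subject naming is an assumption modelled on RFC 8209.
router_keygen_csr() {
  # $1 = directory standing in for the router's key store
  # $2 = AS number (decimal), $3 = router ID as 8 hex digits
  dir=$1; asn=$2; rid=$3
  mkdir -p "$dir"
  cn=$(printf 'ROUTER-%08X' "$asn")
  # private key stays in $dir and is never printed or copied out
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/router.key" 2>/dev/null || return 1
  chmod 600 "$dir/router.key"
  # the CSR is self-signed with the on-box key and is what the operator fetches
  openssl req -new -key "$dir/router.key" -subj "/CN=$cn/serialNumber=$rid" \
      -out "$dir/router.csr" 2>/dev/null || return 1
  printf '%s\n' "$dir/router.csr"
}

# Operator/CA-side check before signing: verify the CSR's self-signature
# (proof that the router holds the key) and that the subject follows the
# router naming convention. Returns 0 when both checks pass.
check_router_csr() {
  csr=$1
  openssl req -in "$csr" -noout -verify >/dev/null 2>&1 || return 1
  subj=$(openssl req -in "$csr" -noout -subject 2>/dev/null)
  case "$subj" in
    *ROUTER-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage (constructed values): AS 64496, router ID 10.0.0.1 as hex
# csr=$(router_keygen_csr /var/lib/router-keys 64496 0A000001)
# check_router_csr "$csr" && echo "CSR ready to submit to the CA"
```

The key store directory is the only place the private key ever exists, which is the property the post wants the standard to preserve; everything the CA needs (public key, subject, proof of possession) travels in the CSR alone.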
