wrt:

>I can't wait until my prefix doesn't make it 'n' AS hops through the Internet
>because I used an origin or forward signing key in BGPSEC secure path bits
>and an RP (BGP router) upstream didn't have that particular validation key
>in their onboard state 'at the ready.

Keys on routers are not required for origin validation.

--Sandy, speaking as regular ol' member

________________________________________
From: [email protected] [[email protected]] on behalf of Danny McPherson [[email protected]]
Sent: Monday, December 10, 2012 2:58 PM
To: sidr wg list
Subject: Re: [sidr] about "beaconing" and the bgspec-protoocol

On Dec 10, 2012, at 12:17 PM, Randy Bush wrote:

>> reports of current ISP behavior wrt TCP MD5 keys seems to be that they
>> currently decide never to change keys at all, ironically.
>
> currently, you would have to synch simultaneous config changes at both
> ends of the wire, not reasonable. and, instead of vendors doing the
> simple hack of rfc 4808, we've been waiting five+ years for the promised
> nirvana of tcp-ao. a kewpie doll for the first person who can cite a
> real deployed tcp-ao implementation.

And that's between adjacent BGP speaking routers for a single transport connection! I can't wait until my prefix doesn't make it 'n' AS hops through the Internet because I used an origin or forward signing key in BGPSEC secure path bits and an RP (BGP router) upstream didn't have that particular validation key in their onboard state 'at the ready.

-danny

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
