>They are required for validation of the origin ASes Signature Segment

Apologies, I misunderstood your comment. I read "an origin or forward signing key" as "(an origin) or (forward signing key)". oops.

>And to be clear, we're talking about BGPSEC here, not "origin validation"

Yep. Glad to be clear.

--Sandy, speaking as regular ol' member

________________________________________
From: Danny McPherson [[email protected]]
Sent: Monday, December 10, 2012 5:20 PM
To: Murphy, Sandra
Cc: sidr wg list
Subject: Re: [sidr] about "beaconing" and the bgspec-protoocol

On Dec 10, 2012, at 3:22 PM, Murphy, Sandra wrote:

> Keys on routers are not required for origin validation.

They are required for validation of the origin ASes Signature Segment in the Signature_Block in the BGPSEC_Path attribute, no? I.e., such that the SKI can be used by the recipients of the route advertisement to identify the proper certificate to use in verifying the signature?

And to be clear, we're talking about BGPSEC here, not "origin validation" as currently supported by the rpki-rtr protocol (that has no crypto machinery, just 'prefix,origin' bindings).

-danny

> --Sandy, speaking as regular ol' member

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
