Update is signed from the victim (customer) to the mitigator. If someone other than the customer signs that customer's prefix to the mitigator (or to anyone else for that matter), then that update will fail validation. There is no need for an intent bit.
I hope I understood your question correctly.

Sriram

________________________________________
From: Eric Osterweil [[email protected]]
Sent: Tuesday, December 18, 2012 7:15 PM
To: Sriram, Kotikalapudi
Cc: [email protected]; sidr wg list
Subject: Re: [sidr] the need for speed

On Dec 18, 2012, at 6:24 PM, Sriram, Kotikalapudi wrote:

> Since the intent is good, it is not an “attack” (at least as far as the
> mitigator and the victim are concerned).
> In BGPSEC (i.e. the path validation case), the proposed solution (below) is
> clearly not even an apparent attack.
> The victim (customer) is intentionally propagating a signed update to a
> service provider (the mitigator).
> The DDoS mitigation works (continues to work like it does today) without
> having to create/propagate new RPKI objects.

So.... how, exactly, do we know it is not an attack? Is the ``intent bit'' set on all the updates?

Eric

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
