On Mon, May 5, 2014 at 12:41 PM, Randy Bush <[email protected]> wrote:
>>>>> 3.14 While the trust level of a route should be determined by the
>>>>> BGPsec protocol, local routing preference and policy MUST then
>>>>> be applied to best path and other routing decisions. Such
>>>>> mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt].
>>>>> ...
>>>>> 3.17 If a BGPsec design makes use of a security infrastructure, that
>>>>> infrastructure SHOULD enable each network operator to select
>>>>> the entities it will trust when authenticating data in the
>>>>> security infrastructure. See, for example,
>>>>> [I-D.ietf-sidr-ltamgmt].
>>
>> What about adding that "the connection to this security infrastructure
>> MUST be through a secure channel"?
it's done via rcynic and/or rpki-to-rtr, right? depending on where in
the process you are... presuming the process looks like:
    publication-point - gatherer - cache - router
    (rcynic) (rcynic) (rpki-rtr)
and above/before 'publication-point' is 'RIR tomfoolery'
> connection from what? mains power? :)
i think roque was referring to the above process...which I think
already includes 'security bits'. (rcynic == CMS, rpki-rtr == AO ||
ssh)
> this is about routers speaking bgpsec. imiho, it would be ill-advised
> to start down the rat-hole of operational practices of router management
> for which there is no proof of termination.
let's avoid that for now, especially since I think the request is
already taken care of.
If this is all satisfactory, let's get to a WGLC in the next 2 days,
and then see where that leads us?
-chris