>>>>> 3.14 While the trust level of a route should be determined by the
>>>>> BGPsec protocol, local routing preference and policy MUST then
>>>>> be applied to best path and other routing decisions. Such
>>>>> mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt].
>>>>> ...
>>>>> 3.17 If a BGPsec design makes use of a security infrastructure, that
>>>>> infrastructure SHOULD enable each network operator to select
>>>>> the entities it will trust when authenticating data in the
>>>>> security infrastructure. See, for example,
>>>>> [I-D.ietf-sidr-ltamgmt].
>>>
>>> What about adding that "the connection to this security infrastructure
>>> MUST be through a secure channel"?
>
> it's done via rcynic and/or rpki-to-rtr, right? depending on where in
> the process you are... presuming the process looks like:
>   publication-point - gatherer - cache - router
>                  (rcynic)   (rcynic) (rpki-rtr)

apologies to roque. some external data were indeed what was meant (an
rpki-like thing is an example), and was intended by "security
infrastructure." the authenticity of those data is an issue. we might
say so in sec cons.

randy
