On May 5, 2014, at 9:41 AM, Randy Bush <[email protected]> wrote: >>>>> 3.14 While the trust level of a route should be determined by the >>>>> BGPsec protocol, local routing preference and policy MUST then >>>>> be applied to best path and other routing decisions. Such >>>>> mechanisms SHOULD conform with [I-D.ietf-sidr-ltamgmt]. >>>>> ... >>>>> 3.17 If a BGPsec design makes use of a security infrastructure, that >>>>> infrastructure SHOULD enable each network operator to select >>>>> the entities it will trust when authenticating data in the >>>>> security infrastructure. See, for example, >>>>> [I-D.ietf-sidr-ltamgmt]. >> >> What about adding that "the connection to this security infrastructure >> MUST be through a secure channel"? > > connection from what? mains power? :) > this is about routers speaking bgpsec. imiho, it would be ill-adviised > to start down the rat-hole of operational practices of router management > for which there is no proof of termination.
I was thinking on the issues we had on origin with adding security for RTR and to better document this requirement early on. Roque > randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
