On May 13, 2014, at 12:23, Randy Bush <[email protected]> wrote: >> Though I’m not sure that there is a huge distinction between disabling >> BGPSec and taking the router offline since disabling BGPSec would trigger >> neighbor session resets for capability renegotiation unless we’ve >> specified otherwise in the protocol docs (doesn’t look like it in my quick >> skim), and most likely force an entirely ungraceful set of updates as the >> neighbors re-send their announcements with AS_PATH instead of BGPSEC_PATH. > > likely significantly shorter than whatever time it takes to revoke, get > new cert, install, and then go through the bgp reset. though you will > eventually do that anyway. > > randy
I’m going to throw in a new version and ask for WGLC. spt _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
