On May 13, 2014, at 12:23, Randy Bush <[email protected]> wrote:

>> Though I’m not sure that there is a huge distinction between disabling
>> BGPSec and taking the router offline since disabling BGPSec would trigger
>> neighbor session resets for capability renegotiation unless we’ve
>> specified otherwise in the protocol docs (doesn’t look like it in my quick
>> skim), and most likely force an entirely ungraceful set of updates as the
>> neighbors re-send their announcements with AS_PATH instead of BGPSEC_PATH.
> 
> likely significantly shorter than whatever time it takes to revoke, get
> new cert, install, and then go through the bgp reset.  though you will
> eventually do that anyway.
> 
> randy

I’m going to throw in a new version and ask for WGLC.

spt

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr

Reply via email to