>>> Though I’m not sure that there is a huge distinction between disabling >>> BGPSec and taking the router offline since disabling BGPSec would trigger >>> neighbor session resets for capability renegotiation unless we’ve >>> specified otherwise in the protocol docs (doesn’t look like it in my quick >>> skim), and most likely force an entirely ungraceful set of updates as the >>> neighbors re-send their announcements with AS_PATH instead of BGPSEC_PATH. >> >> likely significantly shorter than whatever time it takes to revoke, get >> new cert, install, and then go through the bgp reset. though you will >> eventually do that anyway. >> > I’m going to throw in a new version and ask for WGLC.
wfm randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
