Speaking as regular ol’ member:

On Aug 26, 2015, at 8:20 PM, Randy Bush <[email protected]> wrote:

> good catch.
>
> one consequence
>
> an intermediate AS, which does not validate but signs, could apply

I’d say that the intermediate AS who didn’t verify the signatures it received could be acting on bad info at any time, without any conspiring ASs around. The intermediate AS has no more assurance than a non-bgpsec speaker that the route it receives is valid. So I don’t think anything that happens to the intermediate AS is something to worry about.

> prefix-based local policy based on the wrong prefix. same for any
> bgp4 peers it may have.

I see nothing in David’s message about a prefix, so I’m not sure what you are talking about. But the intermediate AS and any bgp4 (i.e. non-bgpsec speakers?) peers have chosen to be insecure - I see no reason to be concerned.

—Sandy, speaking as regular ol’ member
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
