>> an intermediate AS, which does not validate but signs, could apply > I’d say that the intermediate AS who didn’t verify the signatures it > received could be acting on bad info at any time, without any > conspiring ASs around. The intermediate AS has no more assurance than > a non-bgpsec speaker that the route it receives is valid.
it is not worse than unsecured is a form of reasoning i do not buy. >> prefix-based local policy based on the wrong prefix. same for any >> bgp4 peers it may have. > > I see nothing in David’s message about a prefix, so I’m not sure what > you are talking about. sorry, i forgot that bgp announces beers. the colluding systems could have signed a hash of lager when the label on the announcement was pils. the intermediate system which does not validate could base it's mains order on pils and tell it's non-validating peers to have a pils with them. > But the intermediate AS and any bgp4 (i.e. non-bgpsec speakers?) peers > have chosen to be insecure - I see no reason to be concerned. same fallacious argument. we are supposed to be making things better, not leaving them the same. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
