hi mirja, > could there be a similar case here, where a router is known to support > BGPsec and others would ignore/drop non-signed announcements?
hmmmm. as far as i can remember, this has not actually been discussed. how would a router be known to support bgpsec? well, if i saw it on a signed path. (for the moment, let's ignore changes over time). but it might have an out-degree of O(100) and some portion are signed and the rest not. the ones that are not signed are due to the peer not negotiating bgpsec, or that one or the other is configured to not have the peering be bgpsec. and it's way too late here for me to do the necessary deep dive into draft-ietf-sidr-bgpsec-pki-profiles-18.txt to know if i can definitively identify a router, especially as one router can have multiple ASs and therefore multiple certs and therefore multiple skis. maybe someone on the us beast coast has had enough coffee to hit me with a clue by four when i wake. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
