ok, i have had coffee.
as a bif gedanken experiment, posit a global registry where r0 can say
"i can speak bgpsec." i am a distant r1 and receive an unsigned path
with r0 in it.
o did someone before r0 on the path not speak bgpsec, so the path was
never signed?
o did someone between us not speak bgpsec, so the path was stripped?
o was there a monkey in the middle?
i think we did discuss this problem space, and decided that, as long as
we allow islands of partial deployment, and therefore path stripping,
the monkey is on our back. we might have been wrong in this; but even
with coffee i do not see a way out.
and i do not think the idea of partial path signing, r0 signing a
received unsigned path, would have helped a lot.
it is not clear to me that this is a space where the ops doc can help
much. i am open to ideas.
randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
