On 4 Jan 2017, at 19:29, Randy Bush wrote:
Sorry, I did not mean that stripping was suggested; the previous
phrase (non-normatively) recommends against stripping. My question
is,
since the subject of the sentence is "signed paths" whether the "MUST
be signed" language means "MUST NOT strip the signature" (which I
suspect to be the case), or something else.
how about
As the mildly stochastic timing of RPKI propagation may cause
version
skew across routers, an AS Path which does not validate at router
R0
might validate at R1. Therefore, signed paths that are Not Valid
and
yet propagated (because they are chosen as best path) MUST NOT have
signatures stripped and MUST be signed if sent to external BGPsec
speakers.
if not, use larger clue bat
It's likely I have this particular bat by the wrong end.
In the last sentence, does "MUST be signed" mean it must have a
signature (which would seem to make "MUST NOT strip" and "MUST be
signed" redundant), or does it mean the propagating router must add it's
own signature in addition to the existing one(s)?
Ben.
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
