>>> Sorry, I did not mean that stripping was suggested; the previous
>>> phrase (non-normatively) recommends against stripping. My question
>>> is, since the subject of the sentence is "signed paths" whether the
>>> "MUST be signed" language means "MUST NOT strip the signature"
>>> (which I suspect to be the case), or something else.
>>
>> how about
>>
>> As the mildly stochastic timing of RPKI propagation may cause
>> version skew across routers, an AS Path which does not validate at
>> router R0 might validate at R1. Therefore, signed paths that are
>> Not Valid and yet propagated (because they are chosen as best
>> path) MUST NOT have signatures stripped and MUST be signed if sent
>> to external BGPsec speakers.
>>
>> if not, use larger clue bat
>
> It's likely I have this particular bat by the wrong end.
>
> In the last sentence, does "MUST be signed" mean it must have a
> signature (which would seem to make "MUST NOT strip" and "MUST be
> signed" redundant), or does it mean the propagating router must add
> its own signature in addition to the existing one(s)?

yes, it must preserve the signed path and add its own signature.

randy
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
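
The rule settled on in this thread, as an added example that is not part of the original messages or of any BGPsec implementation: a toy model of version skew in which R0 lacks the origin's key, R1 has it, and R1 can only validate if R0 kept the existing signature and added its own. HMAC stands in for the router-certificate signatures, and the AS numbers, prefix, keys and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed keys. HMAC is a stand-in for real router signatures (assumption).
KEYS = {64500: b"k-origin", 64501: b"k-r0", 64502: b"k-r1"}

def sign(asn, target, prefix, prev):
    """Signature by `asn` over the prefix, the target AS and all earlier signatures."""
    msg = f"{prefix}|{asn}|{target}|".encode() + b"".join(s for _, _, s in prev)
    return hmac.new(KEYS[asn], msg, hashlib.sha256).digest()

def validate(prefix, path, my_asn, rpki_cache):
    """path is a list of (asn, target_asn, sig); rpki_cache is the set of
    ASNs whose keys have already propagated to this router."""
    if not path or path[-1][1] != my_asn:
        return "Not Valid"
    for i, (asn, target, sig) in enumerate(path):
        if sig is None or asn not in rpki_cache:
            return "Not Valid"      # stripped hop, or key not yet seen here
        if i + 1 < len(path) and path[i + 1][0] != target:
            return "Not Valid"      # hop was not signed toward the next AS
        if not hmac.compare_digest(sig, sign(asn, target, prefix, path[:i])):
            return "Not Valid"
    return "Valid"

def propagate(prefix, path, my_asn, peer_asn, strip=False):
    """Send to an external BGPsec speaker. strip=True models the forbidden
    behaviour: earlier signatures are dropped, so nothing can be signed."""
    if strip:
        return [(a, t, None) for a, t, _ in path] + [(my_asn, peer_asn, None)]
    return list(path) + [(my_asn, peer_asn, sign(my_asn, peer_asn, prefix, path))]

def demo():
    prefix, origin, r0, r1 = "192.0.2.0/24", 64500, 64501, 64502
    path = propagate(prefix, [], origin, r0)
    # Version skew: the origin's key has reached R1 but not yet R0.
    at_r0 = validate(prefix, path, r0, {r0, r1})
    full = {origin, r0, r1}
    kept = validate(prefix, propagate(prefix, path, r0, r1), r1, full)
    stripped = validate(prefix, propagate(prefix, path, r0, r1, strip=True), r1, full)
    return at_r0, kept, stripped

if __name__ == "__main__":
    print(demo())
```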
