Ben,

Thank you. Please see my response inline below.

>>> - 8.4, last paragraph: The text describes a replay attack, and delegates
>>> the mitigation solution to draft-ietf-sidr-bgpsec-rollover. This is an
>>> informational reference; it seems like it should be normative.
>>
>> The solution for mitigation of replay attacks is out of band
>> (in relation to the BGPsec protocol).
>> As I see it, draft-ietf-sidr-bgpsec-rollover proposes 'a way'
>> of replay attack mitigation. Techniques for key rollover /
>> replay attack mitigation are expected to continue to evolve.
>> There are various variants of the basic key rollover technique that
>> are discussed in this informational draft:
>> https://tools.ietf.org/html/draft-sriram-replay-protection-design-discussion-07
>> What needs to be pointed out in the BGPsec specification is that
>> there are solutions available for replay attack mitigation.
>> The above are the reasons why
>> draft-ietf-sidr-bgpsec-rollover is included in informational
>> references.
>
> That is a reasonable response, if you think it is realistic that people
> would implement solutions other than the one in the reference. It would
> help if the text were more clear that draft-ietf-sidr-bgpsec-rollover
> is an example of a possible solution, and other solutions are possible.

I will try to edit the text a bit to make that clear when I have the next opportunity to edit the document.

Sriram
