Re: [sidr] various

Randy Bush <> Sat, 12 November 2011 10:45 UTC

To: Wesley George <>
Cc: sidr wg list <>

> "However, signed updates received from BGPSec speakers outside of the
> confederation (i.e. those transiting the confederation ASes) MUST be
> passed to the other Member-ASes BGPSec speakers intact.

nope.  you could decide to strip toward one or more confed peers which
are not bgpsec capable.  your routers, your decision, your policy.
don't go there.

the rule was very intentionally precise and simple, two members of the
same confederation must not add sigs toward each other.

imiho, saying anything more is either adding unnecessary words at best
or opening up large complexity holes at worst.

>> tell that to someone trying to secure some multi-as private network
>> using rfc 1918 addresses and asns.
> [WEG] you know I debated making a clarifying exception to the above

i try to minimize statements that require clarifying exceptions.  they
tend to open primrose paths with no proof of termination.

> I figured it'd be clear from the above discussion

and yet you want me to go into unnecessary complications not directly
needed given my brutally specific statement?  :)