Re: [sidr] IXP and Route Server and Next Hop transparency

Randy Bush <randy@psg.com> Sat, 09 July 2011 14:56 UTC

Date: Sat, 09 Jul 2011 23:56:44 +0900
Message-ID: <m2tyavijtf.wl%randy@psg.com>
From: Randy Bush <randy@psg.com>
To: Robert Raszuk <raszuk@cisco.com>
In-Reply-To: <4E17646A.1050600@cisco.com>
References: <012601cc3d54$8f07c4e0$ad174ea0$@highwayman.com> <m2y609kptw.wl%randy@psg.com> <014001cc3d74$319571c0$94c05540$@highwayman.com> <m2pqlklw3v.wl%randy@psg.com> <014a01cc3d7f$6312f730$2938e590$@highwayman.com> <m2oc14ljh7.wl%randy@psg.com> <017d01cc3da0$9f8cd390$dea67ab0$@highwayman.com> <4E17646A.1050600@cisco.com>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/22.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Cc: sidr@ietf.org
Subject: Re: [sidr] IXP and Route Server and Next Hop transparency
Precedence: list

> However I would like to ask for some clarification on why bgpsec is all 
> about securing advertised nets and does not (at least to the best of my 
> knowledge) certify that such prefixes have been advertised with 
> legitimate next hops (the one which the prefix owner really owns).

considering next hop likely changes at AS boundaries (and for some ops
practice, within the AS), how and why would one sign it?  e.g. at the
boundary between A and B, why bother having A sign it across what should
be a trustable boundary.

and, if A did sign it, and B changes the next hop when handing the
update on to C, A's signature just got farbled.

so bottom line, imiho, what's the need, and doing it would break things.

randy

[sidr] draft-sriram-bgpsec-design-choices-00 -- I… Chris Hall
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Robert Raszuk
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Randy Bush
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Sandra Murphy
[sidr] IXP and Route Server and Next Hop transpar… Robert Raszuk
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Sriram, Kotikalapudi
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Sriram, Kotikalapudi
Re: [sidr] IXP and Route Server and Next Hop tran… Randy Bush
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Roque Gagliano
Re: [sidr] IXP and Route Server and Next Hop tran… Sandra Murphy
Re: [sidr] IXP and Route Server and Next Hop tran… Robert Raszuk
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall
Re: [sidr] draft-sriram-bgpsec-design-choices-00 … Chris Hall