>> It should be pointed out that pre-provisioned AS_Path filters and >> prefix-lists would actually be effective at defeating this and >> preventing someone who is actually malicious from using this >> technique. This is an excellent argument for implementing SIDR... > >Finally we agree. Although I am not certain SIDR is the optimal >answer, we agree it would solve the problem.
The sidr wg is working on protection of the origination of the route - so the origin AS in the AS_PATH is known to be authorized to originate routes to the prefix. That's not full AS_PATH protection. sidr is not doing full AS_PATH protection. Yet. Protecting the origination is not sufficient, everyone recognizes that. But protecting the origination is necessary for eventual full AS_PATH protection, so we're not wasting our time, either. Feel free to chime in on the sidr list about wanting full path protection. As loud as you like. --Sandy