Three observations:
- the briefing you cited was a high level discussion that did not
make a strong
case for the validation revisited I-D.
- I submitted comments on the list about Randy's transfer I-D.
- draft-kent-sidr-adverse-actions-00 documents a range of potential
problems
David,
Thanks a lot for raising this issue.
Based on the discussion in Dallas, I was hoping that we could just go with
the clean approach of including the MP_REACH_NLRI attribute in the
signature.
As you correctly point out, we can't sign MP_REACH_NLRI, because the
Network Address of Next Hop
really do appreciate review.
do not appreciate pdfs of word docs; makes copy paste and commenting
back a major pain. though i have come to suspect that is one of your
goals. so i will not comment on your comments in that pdf, though i
adopted/adapted the majority, with which i agreed.
- I
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : BGPsec Protocol Specification
Author : Matthew Lepinski
Filename:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Secure Inter-Domain Routing Working Group of
the IETF.
Title : BGPsec Router Certificate Rollover
Authors : Roque Gagliano
Sandy,
Perhaps you are reading too much into the use of conforming to?
Perhaps saying aligning with would make it more clear to you? I do
not know what current CMS implementations would do if they were
presented with a RFC6485 compliant RPKI signed object. They may indeed
report the signed