On Thu, Feb 3, 2011 at 10:59 AM, Danny McPherson <[email protected]> wrote: > > On Feb 3, 2011, at 10:47 AM, Stephen Kent wrote: >> >> I'm a bit puzzled by your final comment above. >> >> Path secruity includes the origin AS, and the RPKI is the mechanism adopted >> by SIDR to validate the origin AS assertion for an AS path. So, in that >> sense, more extensive path secruity approaches will rely on the RPKI, at >> least for the origin AS. >> >> I have assumed that folks planned to take advantage of the ASN assertions in >> RPKI certs in support of path security mechanisms, in some form. (For origin >> AS verification we need only the address assertions in certs, but we have >> always described the RPKI as encompassing both address and ASN allocations.) >> >> I think reliance on the RPKI for validated assertions re both types of >> resources is appropriate for path secruity, irrespective of the mechanisms >> used to verify As path info. > > I agree with everything you say in the text above - I'm merely referring to > the WG charter issues that quelled previous discussions of path _anything on > this mailing list and in this working group in the past. I trust I don't > need to provide references..
and if the charter is amended to include 'hey, we also should try to secure the path, eh?' that'd bring this to a close, yes? (noting that I do think path verification/validation/security is important and I think we should address it in SIDR) -chris <co-chair-ski-coat-on> _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
