> Can you clarify what you mean by "the sidr work to date has not > formally bound the route origin ... and [is] easily spoofed"?
rpki has roa binding prefix P to asn A0. i run A1. i inject a route for P with as-path A1 A0. the origin, A0, is what the roa allows, but has no crypto sig. that is sidr work to date. stops fat fingers but not the simplest of path attacks. randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr