> "However, signed updates received from BGPSec speakers outside of the
> confederation (i.e. those transiting the confederation ASes) MUST be
> passed to the other Member-ASes BGPSec speakers intact.

nope. you could decide to strip toward one or more confed peers which
are not bgpsec capable. your routers, your decision, your policy.
don't go there.

the rule was very intentionally precise and simple, two members of the
same confederation must not add sigs toward each other. imiho, saying
anything more is either adding unnecessary words at best or opening up
large complexity holes at worst.

>> tell that to someone trying to secure some multi-as private network
>> using rfc 1918 addresses and asns.
> [WEG] you know I debated making a clarifying exception to the above

i try to minimize statements that require clarifying exceptions. they
tend to open primrose paths with no proof of termination.

> I figured it'd be clear from the above discussion

and yet you want me to go into unnecessary complications not directly
needed given my brutally specific statement? :)

randy
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr