On Mar 21, 2012, at 3:33 PM, Russ White wrote:

> 
>> The current BGPSEC design chooses to only focus on the protocol on the
>> wire, and starts with the attributes that had both an identified threat
>> and an existence proof of a reasonable mechanism to address that threat.
> 
> BGPSEC:
> 
> 1. Fails to actually protect the bits on the wire in a way that meets
> BGP's actual on the wire protocol semantics (see the addition of timers
> to prevent replay attacks).
> 2. Attempts to add policy to the mix (see the so-called "man in the
> middle attack") without actually calling it policy.
> 
> Given these failures, maybe it's time to start with requirements (rather
> than a solution) first, and see if we come to a better outcome.

+1

Eric
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
