> This solution for confeds *requires* each AS within a confed to sign
> internally (i.e., from AS to AS within the confed). It does not allow the
> choice to a confed operator to sign or not sign the updates internally.
> For instance, the operator may be satisfied with the level of mutual trust
> within the confed, and therefore may choose to not sign updates internally.
> 
> Do we want to provision this choice into the protocol?

sure, if they strip bgpsec and reconstruct the as-path.

in bgpsec, all ass sign.  end.

randy
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
