Chris,

On Nov 7, 2012, at 11:11 AM, Christopher Morrow <morrowc.li...@gmail.com> wrote:
> there isn't data in bgp today data which tells you 'this path is a
> leak'. Even at the immediately-leaked-to peer there isn't data in the
> message that's helpful for this problem.

Why isn't the above considered putting the cart in front of the horse? Namely, there is this (seemingly) hard requirement that all information must be self-contained within BGP -- even though the above acknowledges that we CANNOT get this information out from BGP. Shouldn't that suggest there is a pretty fundamental problem here wrt the current definition of the problem?

What's even more perplexing is the WG seems to accept that it's OK to accept substantial complexity in creating, exchanging, validating information using an "out-of-band" certificate repository system (RPKI) ... which is OK to be used for Origin Validation by BGP, but for some reason ... BGPSEC is saying that it cannot depend on external information sources for Path Validation (other than per-router/per-AS certs). Something really does not add up on where lines appear to be arbitrarily drawn here.

-shane