On Dec 10, 2012, at 3:22 PM, Murphy, Sandra wrote: > Keys on routers are not required for origin validation.
They are required for validation of the origin ASes Signature Segment in the Signature_Block in the BGPSEC_Path attribute, no? I.e., such that the SKI can be used by the recipients of the route advertisement to identify the proper certificate to use in verifying the signature? And to be clear, we're talking about BGPSEC here, not "origin validation" as currently supported by the rpki-rtr protocol (that has no crypto machinery, just 'prefix,origin' bindings). -danny > --Sandy, speaking as regular ol' member _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr
