Sriram, I'm not proposing to include it in the BGPSEC signature. It would be a separate signature. Once AS2 removes it, it removes the attribute and its signature chain. The BGPSEC attribute and its signature chain is a different signature chain and not removed.
The second attribute I proposed will be covered by the BGPSEC signature chain and not removed.

--Jakob

> -----Original Message-----
> From: Sriram, Kotikalapudi [mailto:kotikalapudi.sri...@nist.gov]
> Sent: Tuesday, July 29, 2014 12:31 PM
> To: Jakob Heitz (jheitz); IETF SIDR; i...@ietf.org; g...@ietf.org
> Subject: RE: draft-sriram-route-leak-protection-00
>
> >ok. How about:
> >Each AS signs it as having passed it along, just like the BGPSEC.
> >Then after one AS removes it, a subsequent AS cannot add it back.
>
> Jacob,
>
> Sorry, but that still doesn't work. The signature validation would
> break.
> Say, the update received at AS3 is P [AS2 AS1], where AS1 is the
> origin.
> Let us say, AS2 removed the signed attribute (that you proposed),
> and sent the update to AS3.
> Then AS3 will not be able to validate AS1's signature, because AS1's
> sig covered the removed attribute.
>
> Sriram
>
> >--Jakob
>
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
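
A simplified model of the two designs discussed in this thread, added here as an example and not part of the original messages or of any BGPSEC implementation: it compares an attribute covered by AS1's path signature with an attribute carried under its own separate signature, after AS2 strips it. HMAC with a constructed key stands in for AS1's real signature, and the field layout, function names and the `leak-flag` value are assumptions.

```python
import hashlib
import hmac

# Constructed key; HMAC stands in for AS1's real public-key signature.
AS1_KEY = b"constructed-as1-key"

def encode(fields):
    # Length-prefix each field so distinct field lists never encode alike.
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)

def sign(fields):
    return hmac.new(AS1_KEY, encode(fields), hashlib.sha256).digest()

def origin_update(prefix, target, attr, separate_chain):
    """AS1 originates an update toward `target` carrying `attr`."""
    update = {"prefix": prefix, "target": target, "attr": attr}
    if separate_chain:
        # Path signature and attribute signature are independent.
        update["path_sig"] = sign([prefix, target])
        update["attr_sig"] = sign([prefix, target, attr])
    else:
        # One signature covers the path data and the attribute together.
        update["path_sig"] = sign([prefix, target, attr])
        update["attr_sig"] = None
    return update

def strip_attribute(update):
    """AS2 removes the attribute and, if present, its own signature."""
    return dict(update, attr=None, attr_sig=None)

def path_sig_valid(update, separate_chain):
    """AS3 checks AS1's path signature over the fields it received."""
    fields = [update["prefix"], update["target"]]
    if not separate_chain:
        fields.append(update["attr"] or b"")
    return hmac.compare_digest(update["path_sig"], sign(fields))

if __name__ == "__main__":
    for separate in (False, True):
        sent = origin_update(b"P", b"AS2", b"leak-flag", separate)
        ok = path_sig_valid(strip_attribute(sent), separate)
        print("separate chain" if separate else "covered by path sig", ok)
```

The model checks only AS1's signature at AS3; AS2's own signature over the forwarded update is left out.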