Hmm, I would have thought we'd want to keep the chaining, in the sense that non-originating would sign the previous signature. I've no real objection to signing everything else again, it's just removal of the previous signature that I find odd here.
The benefit I see to keeping the signature chaining is that it adds an ordering constraint to the signatures (signature A must have been created after signature B), corresponding to the order in which we expect the update to travel between signers. This seems like a good thing, and I don't see why we'd want to remove it. As you've demonstrated, it doesn't remove all possible forms of mischief, but it raises the bar a bit, and it's cheap, so why not? Am I missing something? Where's the benefit in removing the chaining?
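The ordering constraint discussed in this message, sketched as an added example that is not part of the original post or of any protocol specification. HMAC-SHA256 stands in for a real public-key signature, and the signer names, keys, update bytes and signed-data layout are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not taken from the thread).
KEYS = {"origin": b"k-origin", "transit1": b"k-transit1", "transit2": b"k-transit2"}
UPDATE = b"prefix=192.0.2.0/24"
PATH = ["origin", "transit1", "transit2"]


def sign(signer, data):
    # Stand-in for a signature: a keyed MAC under the signer's key.
    return hmac.new(KEYS[signer], data, hashlib.sha256).digest()


def signed_data(signer, prev_sig, chained):
    # Chained: the previous signature is part of what gets signed.
    # Unchained: every signer signs only the update and its own name.
    return UPDATE + signer.encode() + (prev_sig if chained else b"")


def sign_path(path, chained):
    """Return [(signer, signature)] in the order the update travels."""
    sigs, prev = [], b""
    for signer in path:
        prev = sign(signer, signed_data(signer, prev, chained))
        sigs.append((signer, prev))
    return sigs


def verify_path(sigs, chained):
    prev = b""
    for signer, sig in sigs:
        expected = sign(signer, signed_data(signer, prev, chained))
        if not hmac.compare_digest(sig, expected):
            return False
        prev = sig
    return True


def ordering_enforced(chained):
    """True if a signature made before the predecessor signed is rejected."""
    # transit2 signs early, before transit1's signature exists.
    early = sign("transit2", signed_data("transit2", b"", chained=False))
    later = sign_path(PATH[:2], chained)  # origin and transit1 sign afterwards
    return not verify_path(later + [("transit2", early)], chained)
```

With chaining, the verifier can conclude that transit2 signed after transit1, because transit2's input contains transit1's signature; without it, the same set of signatures verifies regardless of the order in which they were created.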