>> 2. Private ASNs (as pointed out in the SecDir review) are commonly >> used for stubs. > This document should include something (I’m thinking in the Ops > Section) about the protocol considerations: there must be a ROA from > the resource owner for the ISP to properly re-originate the Update, > etc..
that is not the core of the problem. the bgpsec protocol doc has to specifically say that the public AS upon receiving the update from the private AS o if the private signed to the public, public should check sig, then strip it and then might sign as the originating AS or might not. on what criteria does it decide? o if the private did not sign, the public might sign or it might not. on what criteria does it decide? as i said, once you burn that in, i will hack the ops doc randy _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr