This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Add BGPsec support to Hosted RPKI?
- Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
- Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Matthew Walster
matthew at walster.org
Mon Oct 11 13:53:53 CEST 2021
On Mon, 11 Oct 2021 at 12:29, Randy Bush <randy at psg.com> wrote: > > ASPA is orthogonal to BGPSec. It lets AS holders declare who their > upstreams are > > (in the context of BGP Path, not business relation). Even if this > information is > > not yet used in routers in an automated way, a clear text validated > output with > > this information can already be valuable to operators, e.g. for > provisioning. > > (This is also how ROAs were oftentimes used in the early days). > > yup. and much more easily deployed than bgpsec. and small resource > consumption by the ncc. > Could you explain this further for me? AIUI, the requirements on the RPKI repo for BGPsec is just the signing keys being uploaded, with an attestation as to the ASNs that they are permitted to sign for. ASPA requires a relatively huge amount of stuff to be specified (specifying your upstreams etc) in comparison that requires frequent updates, whereas router signing keys will be dwarfed by ROAs etc, there being far more prefixes than there are border routers. Or have I missed something here? (I'm not trolling, I genuinely want to understand if I'm overlooking some major part). Matthew Walster -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/routing-wg/attachments/20211011/fff9d609/attachment.html>
- Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
- Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]