This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Add BGPsec support to Hosted RPKI?
- Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
- Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Randy Bush
randy at psg.com
Mon Oct 11 14:13:17 CEST 2021
in the long run, the number of routers which might have individual keys may be on the order of the number of prefixes. we are still learning about fragmentation as v4 use matures. i am not worried about storing the full key set on a validating router. i am worried about crypto load on validating and signing routers near the core. we're still trying to think about the bgpsec downgrade attack issue. some suggestions might need topologic declarations analogous to those of aspa. bgpsec needs a bit more work/study; and we're trying. aspa is closer to testable deployment if folk would stop rat-holing over useless corner cases. but, as i said in a previous, in the short term ncc resources might be better spent on reliable publication services. but unlike others, i do not pretend to understand the ncc's resources and/or planning. randy
- Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
- Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]