This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[routing-wg] Add BGPsec support to Hosted RPKI?

Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush randy at psg.com
Mon Oct 11 14:13:17 CEST 2021

in the long run, the number of routers which might have individual keys
may be on the order of the number of prefixes.  we are still learning
about fragmentation as v4 use matures.  i am not worried about storing
the full key set on a validating router.  i am worried about crypto load
on validating and signing routers near the core.

we're still trying to think about the bgpsec downgrade attack issue.
some suggestions might need topologic declarations analogous to those of
aspa.

bgpsec needs a bit more work/study; and we're trying.  aspa is closer to
testable deployment if folk would stop rat-holing over useless corner
cases.

but, as i said in a previous, in the short term ncc resources might be
better spent on reliable publication services.  but unlike others, i do
not pretend to understand the ncc's resources and/or planning.

randy

Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ routing-wg Archives ]