soBGP deployment
Randy Bush
randy at psg.com
Tue May 24 17:55:22 UTC 2005
>>> the certificates are carried ... in soBGP in a new BGP message.
>> btw, am i supposed to be cheered by yet another overloading of bgp?
> Since S-BGP overloads signatures into the current packet formats, destroys
> packing, and destroys peer groups, I'm not certain that you can make the
> claim that S-BGP has a "lower impact" on BGP than soBGP does.
then i guess i am very lucky not to have made such a claim.
the point is that sbgp's changes, while more than one might prefer,
are made so that congruent data, path attestation, can be carried
in-band. i consider the trade-off worthwhile for the seriously
improved security, which is the point of the exercise.
randy
More information about the NANOG
mailing list