[81012] in North American Network Operators' Group
Re: soBGP deployment
daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Mon May 23 12:07:17 2005
In-Reply-To: <17041.63797.265940.720976@roam.psg.com>
Cc: NANOG list <nanog@merit.edu>
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Mon, 23 May 2005 18:06:48 +0200
To: Randy Bush <randy@psg.com>
Errors-To: owner-nanog@merit.edu
On 23-mei-2005, at 17:39, Randy Bush wrote:
> o with sbgp, the assertion of the validity of asn A announcing
> prefix P to asn B is congruent with the bgp signaling itself,
> A merely signs the assertion in the bgp announcement.
> o with sobgp, the assertion is in an external database with
> issues such as
This is nonsense. Did you even read the soBGP drafts?
In S-BGP the certificates are carried in path attributes, in soBGP in
a new BGP message. Other than that, they do not differ in this regard.
And unless the implementations are stupid, it should be simple enough
to use a web of trust rather than a fixed trust hierarchy, so the RRs
don't (necessarily) come into play.
> its the old simplicity vs complexity game yet again
Do I hear you say that S-BGP is less complex than soBGP??
