[81016] in North American Network Operators' Group
Re: soBGP deployment
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon May 23 12:55:31 2005
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: Randy Bush <randy@psg.com>, NANOG list <nanog@merit.edu>
In-Reply-To: Your message of "Mon, 23 May 2005 18:06:48 +0200."
<B6DE33ED-0C90-46A1-ACD9-329F10905B0B@muada.com>
Date: Mon, 23 May 2005 12:54:58 -0400
Errors-To: owner-nanog@merit.edu
In message <B6DE33ED-0C90-46A1-ACD9-329F10905B0B@muada.com>, Iljitsch van Beijn
um writes:
>
>On 23-mei-2005, at 17:39, Randy Bush wrote:
>
>> o with sbgp, the assertion of the validity of asn A announcing
>> prefix P to asn B is congruent with the bgp signaling itself,
>> A merely signs the assertion in the bgp announcement.
>
>> o with sobgp, the assertion is in an external database with
>> issues such as
>
>This is nonsense. Did you even read the soBGP drafts?
>
>In S-BGP the certificates are carried in path attributes, in soBGP in
>a new BGP message. Other than that, they do not differ in this regard.
Randy isn't talking about certificates, he's talking about how you tell
if a path is legitimate.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
