[81061] in North American Network Operators' Group
Re: soBGP deployment
daemon@ATHENA.MIT.EDU (Randy Bush)
Tue May 24 13:56:12 2005
From: Randy Bush <randy@psg.com>
Date: Tue, 24 May 2005 13:55:22 -0400
To: Russ White <ruwhite@cisco.com>
Cc: Iljitsch van Beijnum <iljitsch@muada.com>,
NANOG list <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu

>>> the certificates are carried ... in soBGP in a new BGP message.

>> btw, am i supposed to be cheered by yet another overloading of bgp?

> Since S-BGP overloads signatures into the current packet formats, destroys
> packing, and destroys peer groups, I'm not certain that you can make the
> claim that S-BGP has a "lower impact" on BGP than soBGP does.

then i guess i am very lucky not to have made such a claim.

the point is that sbgp's changes, while more than one might prefer,
are made so that congruent data, path attestation, can be carried
in-band. i consider the trade-off worthwhile for the seriously
improved security, which is the point of the exercise.

randy