|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: soBGP deployment
>>> the certificates are carried ... in soBGP in a new BGP message. >> btw, am i supposed to be cheered by yet another overloading of bgp? > Since S-BGP overloads signatures into the current packet formats, destroys > packing, and destroys peer groups, I'm not certain that you can make the > claim that S-BGP has a "lower impact" on BGP than soBGP does. then i guess i am very lucky not to have made such a claim. the point is that sbgp's changes, while more than one might prefer, are made so that congruent data, path attestation, can be carried in-band. i consider the trade-off worthwhile for the seriously improved security, which is the point of the exercise. randy
|