24 May
2005
24 May
'05
1:55 p.m.
the certificates are carried ... in soBGP in a new BGP message. btw, am i supposed to be cheered by yet another overloading of bgp? Since S-BGP overloads signatures into the current packet formats, destroys packing, and destroys peer groups, I'm not certain that you can make the claim that S-BGP has a "lower impact" on BGP than soBGP does.
then i guess i am very lucky not to have made such a claim. the point is that sbgp's changes, while more than one might prefer, are made so that congruent data, path attestation, can be carried in-band. i consider the trade-off worthwhile for the seriously improved security, which is the point of the exercise. randy