On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:

> 
>> 
>> One could argue that rejecting routes which you previously had no way to
>> know you should reject will inherently alter the routing system and that this
>> is probably a good thing.
> 
> Good point.  Also, "tie breaking" in favor of signed-and-verified routes over 
> not-signed-and-verified routes does not necessarily affect your traffic 
> "positively or negatively" -- rather, if you are letting an arbitrary final 
> tie break make the decision anyway, you are arguably *neutral* about the 
> outcome...
> 
> -- Jen

This is true in terms of whether you care or not, but, if one just looks at 
whether it changes the content of the FIB or not, changing which arbitrary tie 
breaker you use likely changes the contents of the FIB in at least some cases.

The key point is that if you are to secure a previously unsecured database such 
as the routing table, you will inherently be changing the contents of said 
database, or, your security isn't actually accomplishing anything.

Owen


Reply via email to