>> one nice thing about origin validation is that anyone who validates >> anywhere on the internet can reject the mis-origination(s). > +1.
a non-op sec person who follows nanog in read-only mode pointed out in private email that this is a subtle difference from prefix filtering. in general, i can not prefix filter N hops away. randy
