On Tue, 18 Mar 2008, Danny McPherson wrote:
>
> On Mar 18, 2008, at 1:20 PM, Sandra Murphy wrote:
>>
>> That's the reason behind the need to (r)sync with databases everywhere
>> periodically. Like creating your filters from IRRs each evening.
>
> Yes, but I'm saying, IF the ROA/expiry data is included in
> a secure routing protocol's route update messages and is

Ah. Well, that's a possible future direction, but we're not there yet.

> to be validated by intermediate systems, then such periodic
> refresh timers could have considerable implications on the
> stability of the routing system.

In any distribution of the ROA/certs, you need to take some care in
operational matters - creating the new cert with some overlap in validity
timing seems desirable, getting the new ROA distributed in time whether
through repositories or BGP or whatever, and error conditions (see Geoff's
draft) that have a "validates but against expired ROA" case coupled with
local policy as to whether to accept that or not, etc.

--Sandy

>
> -danny
>
>
_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
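The rollover-overlap and "validates but against expired ROA" cases from the message above, as an added Python example that is not part of the original post or of the draft it mentions. The outcome labels, the `allow_expired` policy switch, the function names and the sample ROAs (documentation prefix and AS numbers) are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_network

@dataclass(frozen=True)
class ROA:
    prefix: str           # authorized prefix
    max_len: int          # longest prefix length that may be announced
    origin_as: int        # authorized origin AS
    not_before: datetime  # validity window taken from the signing cert
    not_after: datetime

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def covers(roa, prefix, origin_as):
    """True when the ROA authorizes this prefix/origin pair, ignoring time."""
    net, roa_net = ip_network(prefix), ip_network(roa.prefix)
    return (origin_as == roa.origin_as and net.version == roa_net.version
            and net.subnet_of(roa_net) and net.prefixlen <= roa.max_len)

def classify(roas, prefix, origin_as, now):
    """Return 'valid', 'valid-expired-roa' or 'no-match' (labels are this example's)."""
    matches = [r for r in roas if covers(r, prefix, origin_as)]
    if any(r.not_before <= now <= r.not_after for r in matches):
        return "valid"
    if any(now > r.not_after for r in matches):
        return "valid-expired-roa"
    return "no-match"

def accept(outcome, allow_expired):
    """Local policy: is a match against an expired ROA still accepted?"""
    return outcome == "valid" or (outcome == "valid-expired-roa" and allow_expired)

def rollover_gap(old, new):
    """Time with no current ROA between old and new; zero when validity overlaps."""
    gap = new.not_before - old.not_after
    return gap if gap > timedelta(0) else timedelta(0)

# Constructed sample data: one expiring ROA and two candidate replacements.
OLD = ROA("192.0.2.0/24", 24, 64496, utc(2007, 4, 1), utc(2008, 4, 1))
NEW_OVERLAP = ROA("192.0.2.0/24", 24, 64496, utc(2008, 3, 25), utc(2009, 4, 1))
NEW_LATE = ROA("192.0.2.0/24", 24, 64496, utc(2008, 4, 3), utc(2009, 4, 3))

if __name__ == "__main__":
    for new in (NEW_OVERLAP, NEW_LATE):
        outcome = classify([OLD, new], "192.0.2.0/24", 64496, utc(2008, 4, 2))
        print(rollover_gap(OLD, new), outcome, accept(outcome, allow_expired=False))
```

With the overlapping replacement the route stays valid across the rollover; with the late one it falls into the expired-ROA case for two days and acceptance depends entirely on local policy.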
