The discussion of "Beacons" at the last meeting reminds me of EIGRP's "triggered updates" v. RIP's "periodic updates" (i.e., cousin of beacons)...
I think Randy successfully convinced me during his talk at the Quebec City WG session that "beacons" at a frequency of 24 hours (or anything in the "hours" range) are pretty much useless and add considerable churn and complexity with little return from a practical attack surface perspective.

With the lifetime of the average phishing site being only ~55 hours (for many reasons, I know), and an inclination to believe that infrastructure threats are likely to be even more temporal, I'm inclined to recommend that beacons be removed altogether in their current incarnation of bgpsec, as there are plenty of other scale issues to focus on.

Further study on alternatives, downstream purging issues, and clock skew for network elements might be useful in this context. I saw something on the DANE list from PHB about vast skew across end systems, wondering if anyone has measured this?

Thoughts?

-danny
