Hi, Unfortunately I cannot attend. So please allow me to briefly sum up what I would have liked to contribute to this discussion if I could have been there..
On 26 Apr 2012, at 21:41, Murphy, Sandra wrote: > The agenda is posted at > http://trac.tools.ietf.org/wg/sidr/trac/wiki/InterimMeeting20120430 > > 0900-0910 Agenda bashing, note well, blue sheets, etc > 0910-1010 Prefix Validate Discussion > 1010-1200 Deployment Discussion (walkthrough/document/discuss deployment > scenarios) > 1300-1400 Deployment Discussion (walkthrough/document/discuss deployment > scenarios) > 1400-1700 Router / Prefix / ROA / CRL - RPKI Repository Data Freshness Most importantly I would really like to see conclusions resulting from any of these discussion documented as requirements for the repository and retrieval mechanisms and RP tooling. For example: = I believe that for prefix validate it's not only important that the objects are cryptographically valid, but an RP also needs to be sure it knows *all* ROAs. = If data is found to be incomplete, ie RP does not have all ROAs, can the RP then stick to the last known consistent state for a given CA? (I believe this is the only safe bet..) = With regards to stale data, is there a sane limit to *how* stale data can be? Days? Hours? Something relative to the intended lifespan of the manifest? = Freshness: well obviously the fresher, the better... but are there any quantifiable hard limits, like new router certs should propagate to all RPs in X hours under normal operations? New ideas and discussing pilots (like we're planning to do) for repository infrastructure improvements are planned for the the interim meeting before the Vancouver IETF, so I don't mean to go into too much detail on that here and now. Except that concrete input from this meeting, phrased as requirements, is very welcome as it will help to evaluate if new ideas actually solve the perceived problems adequately. Cheers Tim _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
