> With inconsistencies I did not mean that the validated cache is out of date, > which I agree, will always be there even if it could be minimised. > > The inconsistencies I refer to are different in nature. It's that the > snapshot that the RP tool got when it validated is in itself inconsistent: > surplus or missing ROAs, or the hash of 1 or more ROAs doesn't match. Longer > discussion omitted, but at this point the RP just doesn't know for certain > what to do and guidance is needed. This is where *explicitly* stating a > strong requirement, rather than leaving it implicit, in pfx-validate comes > in..
would you like us to pull in the crucial paragraph from sec 6 of origin-ops? Like the DNS, the global RPKI presents only a loosely consistent view, depending on timing, updating, fetching, etc. Thus, one cache or router may have different data about a particular prefix than another cache or router. There is no 'fix' for this, it is the nature of distributed data with distributed caches. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
