On Nov 30, 2012, at 1:10 PM, Montgomery, Douglas wrote:

> RPKI does not reflect run-time changes in topology. It is a declarative
> system in which one would expect information to typically change with
> human driven processes (e.g., allocation of addresses, establishment of
> peering relationships, etc.)

It's not a question of speed, it's a question of reaction time. As one example, I know of many commercial DDoS products and services that automate these processes; RPKI as designed hampers our ability to respond in less than hours, and BGPSEC likely much longer.

How do I rationalize this when it doesn't even fix things that I consider routing security issues (e.g., the Google snafu weeks back)?

Here the cure may well be worse than the disease. Mefloquine, anyone?

-danny
