On Nov 30, 2012, at 2:53 PM, Christopher Morrow wrote: > > today there's no validation on the origin so if you pick your > upstreams 'right' you can get reach-ability from a large portion of > the network quickly. tomorrow in a 'only validated routes' world, you > have to wait for propagation of the roa content.
Right! and hope it's not a multi-mode attack that exploits just that "property" of this new system with a rogue route announcement from one of the millions of keyboards that have enable access to BGP speaking routers. > So, the (a) question is: > "How fast does the certified resources data (as seen by bgp > speakers) have to meet up with reality?" Interesting we're visiting requirements now :-) I'd prefer it make my routing changes no slower than they are today. -danny _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
