> As Chris mentioned down-thread: Could you explain how these considerations
> differ from considerations around hosted services for critical services,
> e.g., DNSSEC?
This system (and therefore, its considerations) is/are VASTLY different than
those of DNSSEC... In a lot of ways:
1 - This repository system requires RPs to have a FULLY synchronized copy of
all objects at all times. DNSSEC does not.
a - This means all systems have to be high performing/reachable/etc. or
there begin to be problems
b - This means that global crawling must be done before computation can
be reliable
c - ...
2 - This system's hosting model is proposing to put all of the object
generation information in a very few places (the hosted model), DNSSEC does not
(the hosting colocation coefficient in DNSSEC is vastly
different that 5, for rpki)
a - I am not even encouraged to have all my DNS zones hosted by RIRs...
I can get a registrar or hoster to do it, but I can choose from many many
options...
b - ...
3 - The downside of borking routing is all your [connectivity] bases are belong
to us... Lots of problems exist when destinations are unreachable that do not
exist (or are semantically different) when names are unresolvable. In short,
these are very different systems, with _very_ different architectures, with
very _very_ different goals, etc. I could go on, but is this sufficient?
Eric
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
