> And it's not really true that you have to crawl the whole tree before you can > do anything. If you have a partial tree, then you can validate part of the > ROAs. Especially if you crawl intelligently, e.g., trying to avoid missing > links in a cert chain. I believe that RPSTIR does something like this.
The simplest way to explain this is that you've created a three way dependency here --the routing system is dependent on the RPKI, which is in turn dependent on the hosting service, which is in turn dependent on the routing system, but you have the third interaction with the RPKI itself. You've gone from three moving parts on the protocol side to three, which makes it more complex. On the human side, you've added the complexity of yet another contractural relationship, which makes things more complex there, adding more places to make mistakes. So adding another moving piece makes things more complex, which will make an already fragile system more fragile. :-) Russ -- <>< [email protected] [email protected] _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
