Russ, I think you are twisting the facts on your own convenience.
RPKI != RPKI-hosted solutions. And RPKI is not dependant on the RPKI-hosted solutions in the same way that DNS is not dependant in the DNS-hosted solutions. Regards, .as > >> And it's not really true that you have to crawl the whole tree before >> you can do anything. If you have a partial tree, then you can validate >> part of the ROAs. Especially if you crawl intelligently, e.g., trying >> to avoid missing links in a cert chain. I believe that RPSTIR does >> something like this. > > The simplest way to explain this is that you've created a three way > dependency here --the routing system is dependent on the RPKI, which is > in turn dependent on the hosting service, which is in turn dependent on > the routing system, but you have the third interaction with the RPKI > itself. > > You've gone from three moving parts on the protocol side to three, which > makes it more complex. On the human side, you've added the complexity of > yet another contractural relationship, which makes things more complex > there, adding more places to make mistakes. > > So adding another moving piece makes things more complex, which will > make an already fragile system more fragile. > > :-) > > Russ > > > -- > <>< > [email protected] > [email protected] > _______________________________________________ > sidr mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/sidr > _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
