Hi Russ,

On 12/6/12 5:42 PM, Russ White wrote:
>
>> Yes, the hosted keep your private key, but you can modify your ROAs
>> anytime you want. At least the hosted systems that I know provide a web
>> interface to do that. The ROA would be published immediately or a few
>> minutes/hours later, depending on the rpki-operator (my personal view and
>> with my network operator hat on is that it should be immediately or in
>> minutes).
>
> Modulo the propagation time...

True, but that's hardly the fault of the hosted model IMO. It's the whole architecture.

>
> But isn't it bad to allow automated changes to a certificate that's
> designed to operate "at human speeds," (based on other conversations on
> this list), and is so critical to the operation of the routing system?
> Aren't we just adding to the total attack surface available against the
> routing system by allowing users to go into a web page and change what's
> advertised into the ROA system?

Maybe. But that doesn't disqualify hosted mode as a viable model for some users. The key resides in balancing risks and benefits. As I said in an earlier email, I am convinced that hosted RPKI provides just what a large slice of the community needs. This doesn't mean hosted is perfect, or even that it's the 'best' for everyone.

>
> I know --it takes that bit of the problem out of the actual BGP space,
> and moves it into another space altogether, but... I don't see banking
> as being "more secure" because you can do all your banking on line
> --it's more convenient, but I think there's a clear tradeoff in security
> and convenience here, right?

There definitely is and I can live with it :)

Taking your example, banking is probably more insecure now that you can bank online, but who's parting with the convenience? I think tradeoffs are everywhere and dealing with them appropriately is part of doing good system design.

Again, if you are small / medium, hosted is probably right for you. If you are a large ISP, definitely it is not. And, the good thing above all, hosted is optional. If you are small / medium but still want to take the matter into your own hands, you are more than welcome.

>
> If this is the type of system that's envisioned, shouldn't the risks
> involved be documented someplace?
>

By all means. But, regarding the whole system, what personally worries me the most is the full fetch model... I think we need to work on that. Hosted really doesn't bother me at all.

> Russ
>

~Carlos
