> I am trying to understand why our fellow engineers at Verisign are
> obsessed with global propagation of RPKI data on the order of a few
> minutes. Then a friend hit me with the clue by four. It's about third
> party DDoS (and other attack) mitigation.

In other words, when you can't provide a technical argument, it's easiest just to jump to the ad hominem attacks...

> Observe that this is a problem in origin validation, i.e. what is being
> deployed today. The RFCs are published, the code is in the routers, ...
> the horse has left the barn.

The horse that leaves the barn too soon will quickly find itself on cobblestones.

Let me turn this around for you. That you think security should not mirror the table at the speed of the table tells me that you're not really interested in what should happen --which needs to lead what actually happens to be a useful piece of information-- but in what has happened. So, should we imply from this what your business case is, where you intend to make money off of this work, and attack you for that implication? Or what the RIR's business case is, and where they make their money? Or should we stick to technical problems and realistic solutions?

Most effective security, as I said above, tells me about intent --which means that notification of changes in intent must run as fast as intent changes. In routing, intent changes as fast as the table changes, not much slower. It's not so much that humans move quickly, it's that there are so many of them moving at one time that is the bothersome piece of this problem --and the piece that the current design doesn't even attempt to take into consideration.

Russ
