>> bgpsec+rpki does not have the highly globally synced requirement. > So, in bgpsec, you (as an RP) don't need to know ROAs a priori in > order to validate routes as they arrive in updates?
see "highly synched" above. as a rp, an hour or three loose synch is fine. > bgpsec (as currently outlined in the requirement-free draft) damn! and i thought i had writted a reqs draft, which does need updating. let's try to limit the slinging. and your problem is with origin validation as currntly implemented and deployed. it ain't bgpsec. > implicitly requires full replication of the rpki in order to make > correct routing decisions. diff between loose time constraint and what is replicated. > _That_ system has this flaw, but I don't claim to own it. ;) are you willing to rent it out? :) you have a product which places a currently unachievable time constrains on pretty much any mechanism which provides prefix origination security. randy, heading for more airports _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
