On Dec 20, 2012, at 11:36 AM, Arturo Servin wrote: > > > On 20/12/2012 14:19, Eric Osterweil wrote: >> On Dec 20, 2012, at 11:03 AM, Randy Bush wrote: >> >>>> bgpsec+rpki does not have the highly globally synced requirement. >> So, in bgpsec, you (as an RP) don't need to know ROAs a priori in order to >> validate routes as they arrive in updates? >> > > Your RP does, but you do not need all the RPs to have it in order to > rpki+bgpsec to work.
If I want my prefixes to be validated and accepted throughout the routing system (i.e. any eBGP speaker), I need to be sure they all have the full RPKI repo. These RPs _also_ need all of router keys in the whole world, so that they can verify the path signatures of any update they might see. In this design, you can't be a little bit pregnant. :) Eric _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
