On Fri, Jan 11, 2013 at 08:48:06AM +0100, Mikael Abrahamsson <[email protected]> wrote a message of 37 lines which said:
> If secure BGP verification doesn't work, nothing will work. [...] > The RPKI infrastructure needs to be done with same reisiliancy or > better it seems. Resiliency of the *servers* (the rsync distributors of certs and ROAs) is less important than in the DNS case, since the validating caches can work standalone, without updating the data, for a long time. (Although a document on timing issues, expiration, duration of signatures, would be a good idea.) Resiliency of the data is indeed critical. If a RIR, because of a sofwtare bug or a hijack of its servers starts to serve bogus data, we will have a problem. _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
