I would like to see this work continue. Every public/private working group that I have been part of that discusses potential incremental roll out of RPKI based origin validation gets hung up on FUD about the brittleness of the system. While validation reconsidered does not solve all potential threats/errors, it does mitigate one scenario, with significant potential amplification effects, that I have heard mentioned in these discussions.
I would prefer to avoid as many failure scenarios as possible, rather than focus on ways of detecting them when they do occur.

dougm
—
Doug Montgomery, Mgr Internet & Scalable Systems Research at NIST/ITL/ANTD

On 11/23/15, 5:13 PM, "sidr on behalf of Christopher Morrow" <[email protected] on behalf of [email protected]> wrote:

>Pinging this thread to catch anyone who didn't reply but had thoughts
>I'd like to close this out tomorrow before 5pm EST (10pm UTC).
>
>thanks!
>-chris
>
>On Sat, Nov 21, 2015 at 9:24 AM, Randy Bush <[email protected]> wrote:
>>> the intent is an appropriate change to improve robustness of the
>>> system.
>>
>> i think it changes the robustness, not necessarily improves it. the
>> loss of congruent hierarchic validation is exchanged for accepting some
>> failures we have yet to see.
>>
>> being a bit of a naggumite, accepting errors is not big on my agenda.
>> one of my disagreements with dr postel was the receiver side of the
>> robustness principle. this way lies entropic death.
>>
>> randy
>
>_______________________________________________
>sidr mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/sidr
