On 12 Jul 2017, at 5:00 AM, Randy Bush <[email protected]> wrote: > >> FYI. While excellent progress is ongoing with the alternative >> algorithm specified in draft-ietf-sidr-rpki-validation-reconsidered, >> it is worth noting that the RIRs will presently be moving to all >> resource RPKI TA’s to help mitigate the risk of massive downstream >> invalidation that would occur in the case of inconsistencies under >> present validation algorithm: > > what continues to amuse me is that all these contortions address rir > failures we have not seen; while the failures we have seen (ee cert in > manifest expiration timing, etc.) have not been systematically > addressed.
Randy - While your amusement is not the primary goal of the system, it does serve as a good reminder that there is more work to be done. This change shouldn’t be viewed as anything other than one small step in the journey of making RPKI services more robust. Thanks, /John _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
