On Fri, May 3, 2013 at 2:21 PM, Nick Hilliard <n...@foobar.org> wrote:
> On 03/05/2013 19:08, Christopher Morrow wrote:
> > hopefully it won't involve people being brave :) hopefully good measurement
> > and metrics lead us to a position where things 'just work' and we can do it
> > with confidence! :)
>
> dropping prefixes means that you're ok about not having reachability to a
> prefix if its roa pops up as "unknown". This could be because the prefix
> holder hasn't bothered to register their prefix in the rpki (i.e.
> sloppiness), or it could be because the ROA has been revoked for some
> reason (e.g. because of hijacking). For sure, a router can't tell the
> difference.

right, in the ideal tomorrow-tomorrow-land ... this all is part of turnup and the timelines associated with propagation/etc are all known and accounted for. Additionally, the systems involved are all well understood and redundant/resilient/etc.

in short, in the tomorrow-tomorrow-land... this all just works as we expect/want, and the only 'unknown' are actually 'invalid'.

> From a deployment point of view, there's a pretty big gap between poking
> around with rpki and actually dropping prefixes on your routers. I don't
> see that the rpki data will be good enough for the latter any time soon,
> but maybe one day.

right, no problem with this.

> Nick