RE: [sidr] Last Call: <draft-ietf-sidr-origin-ops-21.txt> (RPKI-Based Origin Validation Operation) to Best Current Practice

2013-09-26 08:45:12
From: sidr-bounces(_at_)ietf(_dot_)org 
[mailto:sidr-bounces(_at_)ietf(_dot_)org] On Behalf Of
Randy Bush

how about

   To relieve routers of the load of performing certificate validation,
   cryptographic operations, etc., the RPKI-Router protocol, [RFC6810],
   does not provide object-based security to the router.  I.e. the
   router may not validate the data cryptographically from a well-known
   trust anchor.  The router trusts the cache to provide correct data
   and relies on transport based security for the data received from the
   cache.  Therefore the authenticity and integrity of the data from the
   cache should be well protected, see Section 7 of [RFC6810].
[WEG] fine, though it's unclear if "may" in the above is intended to be 
normative. I think it's not, but just pointing it out.


   As RPKI-based origin validation relies on the availability of RPKI
   data, operators SHOULD locate RPKI caches close to routers that
   require these data and services in order to minimize the impact of
   likely failures in local routing, intermediate devices, long
   circuits, etc.  One also should consider trust boundaries, routing
   bootstrap reachability, etc.  E.g. a router should bootstrap from a
   cache which is reachable with minimal reliance on other
   infrastructure such as DNS or routing protocols.
[WEG] this is better, but I still maintain that in the first sentence, "close" 
isn't actually the goal we're trying for.

How about:

...operators SHOULD consider the relationship between the routers that require 
these data and services and the location of the RPKI caches in the network's 
topology. Caches SHOULD be located so that they can take advantage of 
geographic redundancy and minimize the impact of likely failures in local 
routing, ....

And add this at the end to explain why reliance on routing protocols @ 
bootstrap is risky:

...or routing protocols. Reliance on routing protocol convergence to reach a 
cache at bootstrap time can result in significant increases in total 
convergence time as the router converges partially, synchronizes with the RPKI 
cache, and then must re-converge based on the data from the cache.


Thanks

Wes
