ROVER routing security - it's not enumeration

Paul Vixie vixie at isc.org
Sun Jun 10 21:53:55 UTC 2012


Doug Montgomery <dougm.tlist at gmail.com> writes:

> > ...
>
> I think we debate the superficial here, and without sufficient imagination.
> The enumerations vs. query issue is a NOOP as far as I am concerned. With
> a little imagination, one could envision building a box that takes a feed
> of prefixes observed, builds an aged cache of prefixes of interest, queries
> for their SRO records, re-queries for those records before their TTLs
> expire, and maintains a white list of "SRO valid" prefix/origin pairs that
> it downloads to the router.

this sounds like a steady-state system. how would you initially populate it,
given, for example, a newly installed core router having no routing table yet?

if the answer is, rsync from somewhere, then i propose, rsync from RPKI.

if the answer is, turn off security during bootup, then i claim, bad idea.

> ...
>
> Point being, with a little imagination I think one could build components
> with either approach with similar black-box behavior.

i don't think so. and i'm still waiting for a network operator to say what
they think the merits of ROVER might be in comparison to the RPKI approach.
(noting, arguments from non-operators should and do carry less weight.)

-- 
Paul Vixie
KI6YSY
