Financial services BGP hijack last week?

Compton, Rich A Rich.Compton at
Wed May 3 17:39:02 UTC 2017

The servers where the RPKI data is published (the Trust Anchor and the CAs) are referred to using a single URI, meaning that any sort of geographic redundancy or failover has to be handled via external means (anycast, load balancing, etc.) but rsync isn’t well-suited for this sort of implementation.


Rich Compton  |      Principal Eng     |  314.596.2828
14810 Grasslands  Dr,    Englewood,      CO    80112

From: <christopher.morrow at<mailto:christopher.morrow at>> on behalf of Christopher Morrow <morrowc.lists at<mailto:morrowc.lists at>>
Date: Tuesday, May 2, 2017 at 6:34 PM
To: Compton Rich A <rich.compton at<mailto:rich.compton at>>
Cc: Job Snijders <job at<mailto:job at>>, Nikos Leontsinis <nikosietf at<mailto:nikosietf at>>, NANOG list <nanog at<mailto:nanog at>>
Subject: Re: Financial services BGP hijack last week?

On Tue, May 2, 2017 at 11:21 AM, Compton, Rich A <Rich.Compton at<mailto:Rich.Compton at>> wrote:
That¹s the million dollar question.  I think that there will be more
adoption from the Internet at large when some big players adopt it.  Right
now the use of rsync in RPKI is preventing a lot of large ISPs from
implementing it (too difficult to provide redundancy with rsync). There is

how is it hard to provide redundancy with rsync?

The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.

More information about the NANOG mailing list