geofeeds over is-is (was: how would draft-ymbk-opsawg-finding-geofeeds work in noam)
Randy Bush
randy at psg.com
Wed Sep 16 21:59:24 UTC 2020
$ubject changed as it is now where to put the pointer
[ we have email suggesting putting the geoloc pointer in dns, routing
databases, ... no one has suggested bgp yet, but i assume it is
coming ]
> I assume that someone (entity) publishes a geo-feed <somewhere>
> I assume that location of this feed (and others) is the goal of this work/draft.
yep
> I don't see how you can easily link (correctly/securely) the publisher
> with the correct data location, without something that clearly ties
> the publisher to be the owner/authorized-user of the ip space included
> in the geofeed.
the draft discusses that, see sec 4 and the sec cons
> use of rpki for geo-feed-URL seems like the simple way to tie
> owner/publisher.
i suspect 'simple' is not the term you want. perhaps 'authoritative'
folk want to publish usefully now, and in fact are doing so. this
scheme, admittedly a compromise, allows immediate incremental deployment
with optional authentication using the rpki; the best of both worlds.
also trying to minimize the silo bridging problem in large orgs
-------------- next part --------------
but, if you write a draft to put a geofeed pointer in the rpki, send me
an email, as i no longer read sidrops.
More information about the NANOG
mailing list