> This looks pretty good as an outline policy framework - thanks for
> publishing it! One comment: in the no-provider-downtime / five-9s
> requirement item, structural failure is an inherent behavioural
> pattern of all engineered systems, so aiming towards fail-safe
> mechanisms, reducing time-to-recovery and reduction of collateral
> damage will usually result in better overall system performance,
> particularly in cases where there are complex downstream dependencies
> (and in the case of RPKI, downstream-upstream interdependencies).
yup

i always liked the phrasing building a reliable system out of
unreliable components

randy