On Thu, Sep 26, 2013 at 5:19 PM, George, Wes wesley.geo...@twcable.com wrote:
[WEG] close enough, ship it.
hurray! :) (I'm also ok with the last edit buffer fun)
thank wes and randy for a fun discussion.
-chris
From: sidr-boun...@ietf.org [mailto:sidr-boun...@ietf.org] On Behalf Of
Randy Bush
how about
To relieve routers of the load of performing certificate validation,
cryptographic operations, etc., the RPKI-Router protocol, [RFC6810],
does not provide object-based security to the
To relieve routers of the load of performing certificate validation,
cryptographic operations, etc., the RPKI-Router protocol, [RFC6810],
does not provide object-based security to the router. I.e. the
router may not validate the data cryptographically from a well-known
trust
From: Randy Bush [mailto:ra...@psg.com]
i don't even know what geographic redundancy is, alternate earths?
[WEG] nah, the latency is too high until we sort out IP over Quantum
Entanglement. ;-) Geographic redundancy in the context of things that live on
servers is that it exists on servers in
On Tue, Sep 24, 2013 at 2:53 PM, Randy Bush ra...@psg.com wrote:
hi wes,
why does proximity matter? Is this just an extension of the trust
domain and limited dependence on routing protocols? If so, I'd
dispense with recommending close because it confuses the issue and
just keep the
From: Randy Bush [mailto:ra...@psg.com]
are you really saying that i should be comfortable configuring a seattle
router to use a cache in tokyo even though both are in my network and
there is a pretty direct hop?
[WEG] not necessarily. But I'm also not saying that there would *never* be a
From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com]
[CLM]
In the RPKIcache example, 'consumer' is 'routers in your network'.
'Close' is 'close enough that bootstrapping isn't a problem', balanced
with 'gosh, maybe I don't want to put one on top of each router! plus
On Wed, Sep 25, 2013 at 12:38 PM, George, Wes wesley.geo...@twcable.com wrote:
From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com]
[CLM]
In the RPKIcache example, 'consumer' is 'routers in your network'.
'Close' is 'close enough that bootstrapping isn't a problem',
[WEG] that's part of my issue - the only way that you get close
enough that bootstrapping isn't a problem is when the cache and
router are directly
there's some baseline that's acceptable, you intimate that IGP comes
up before EGP below. that makes some sense, and thus maybe the target
is
how about
To relieve routers of the load of performing certificate validation,
cryptographic operations, etc., the RPKI-Router protocol, [RFC6810],
does not provide object-based security to the router. I.e. the
router may not validate the data cryptographically from a well-known
From: Randy Bush [mailto:ra...@psg.com]
i think the two paragraphs you would like to see improved are
[snip]
i am not against further explanation, send text. but short text. :)
[WEG] just the first paragraph really, and as I'll note below - I'd love to
send text, but I don't understand one of
hi wes,
why does proximity matter? Is this just an extension of the trust
domain and limited dependence on routing protocols? If so, I'd
dispense with recommending close because it confuses the issue and
just keep the discussion about secondary dependencies and trust
domains.
are you really
Following this line of reasoning (which is not unreasonable); if the
router requires the cache to arrive at correctness, maybe the cache
should be _inside_ the router.
yep. but no chance of it fitting in existing routers, and routers today
don't have the crypto oomph to validate (frequently).
On Tue, Sep 24, 2013 at 12:26 PM, George, Wes wesley.geo...@twcable.com wrote:
From: Randy Bush [mailto:ra...@psg.com]
i think the two paragraphs you would like to see improved are
[snip]
i am not against further explanation, send text. but short text. :)
[WEG] just the first paragraph
However, the concerns I raised during WGLC in
http://www.ietf.org/mail-archive/web/sidr/current/msg05010.html
regarding the ambiguity of some of the guidance regarding location of
RPKI caches (close) in section 3 still have not been addressed. IMO
if it is important enough to discuss
take two paragraphs and call back in the morning if you are still in
pain :)
randy
In order that routers need not perform certificate validation,
cryptographic operations, etc., the RPKI-Router protocol, [RFC6810],
does not provide object-based security to the router. I.e. the
16 matches
Mail list logo