On 9/8/10 4:16 PM, Roque Gagliano wrote:
> Hi Rob,
> 
>> I don't see any locking strategy (either modifying rsync or creating a
>> new RPKI object to represent a lock) as likely to work.  I can go into
>> details if necessary, but in short there are just too many different
>> ways that a relying party could end up with a potentially inconsistent
>> collection of objects, and this problem goes beyond a single directory
>> ("publication point"), or the rsync protocol.
>>
>> I see no alternative but to place the burden of assembling a
>> consistent view on the relying party.  This may mean that the relying
>> party's view lags the latest published data in some cases, and that a
>> relying party that's just starting up (has no cache of valid results
>> from previous retrieval runs) may end up with an incomplete picture of
>> portions of the universe.  So be it.
>>
>> Welcome to the world of loosely consistent databases.
> 
> I agree with you. However, can we think of some operational practices that 
> may help the RP?
> 
> Here is one example I was thinking about: what if we recommend that the server 
> always start updating a publication point with the manifest? In this sense the 
> RP can always re-fetch the manifest at the end of the sync process to compare 
> it with the original one at the start of the sync process.
> 

FYI: we publish everything to a new, empty directory. When this is done
we change the symlink that points to the 'current' directory, to this
new dir. Rsync follows the symlink. I believe this is similar to other
implementations.

This does not prevent mid-transfer issues as such, but the change
itself is fairly atomic. In other words if the RP suspects a
mid-transfer update may have occurred, and then restarts the transfer:
they should get a consistent view.

Since the manifest is always updated when changes occur, and a new EE
certificate issued with not-before time set to the moment of
publication, the RP can re-fetch the manifest and check whether it was
updated.

So, when processing the SIA for a cert:
1) get manifest (follow manifest pointer)
2) get all other objects (follow dir pointer)
3) get manifest again and compare to 1
  --> if 3 and 1 don't match, wait a moment and repeat.

I am not sure, though, whether this is enough. Other ideas?

Cheers
Tim
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
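
The publish-then-swap-symlink step and the three-step relying-party loop described in the message above, as an added example that is not part of the original post or of any implementation mentioned in it. Assumptions: a local directory stands in for the rsync server, the manifest is compared by SHA-256 of its bytes, and the file name `manifest.mft`, the function names and the `mid_transfer` hook are hypothetical; no RPKI signature validation is done.

```python
import hashlib, os, shutil, tempfile, time

MANIFEST = "manifest.mft"  # hypothetical file name, assumed for this sketch

def publish(repo, name, files):
    """Publisher: write a new directory, then swap the 'current' symlink."""
    os.mkdir(os.path.join(repo, name))
    for fname, data in files.items():
        with open(os.path.join(repo, name, fname), "wb") as f:
            f.write(data)
    tmp = os.path.join(repo, "current.tmp")
    os.symlink(name, tmp)
    os.replace(tmp, os.path.join(repo, "current"))  # rename(2) swaps atomically

def digest(directory):
    with open(os.path.join(directory, MANIFEST), "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def fetch_consistent(repo, dest, max_tries=5, wait=0.0, mid_transfer=None):
    """Relying party: steps 1-3; returns (attempts, cached file names)."""
    current = os.path.join(repo, "current")  # resolved afresh on every access
    for attempt in range(1, max_tries + 1):
        before = digest(current)                 # 1) get manifest
        if mid_transfer:
            mid_transfer(attempt)                # hook: publisher may update here
        shutil.rmtree(dest, ignore_errors=True)
        shutil.copytree(current, dest)           # 2) get all other objects
        after = digest(current)                  # 3) get manifest again
        if before == after == digest(dest):      # fetched copy must match too
            return attempt, sorted(os.listdir(dest))
        time.sleep(wait)                         # wait a moment and repeat
    raise RuntimeError("no consistent view after %d tries" % max_tries)

def demo():
    """Constructed data: the publisher updates during the first attempt only."""
    repo = tempfile.mkdtemp()
    dest = os.path.join(tempfile.mkdtemp(), "cache")
    publish(repo, "v1", {MANIFEST: b"manifest 1", "a.roa": b"roa-1"})
    def update(attempt):
        if attempt == 1:
            publish(repo, "v2", {MANIFEST: b"manifest 2", "a.roa": b"roa-1",
                                 "b.roa": b"roa-2"})
    return fetch_consistent(repo, dest, mid_transfer=update)

if __name__ == "__main__":
    print(demo())
```

In the demo the first attempt sees the old manifest in step 1 and the new one in step 3, so it is discarded and the second attempt returns the complete new set.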
