>> suspect that they will span the Internet, ie totally different to an >> IDR session. And that suggests that anyone anywhere can attack them, >> so I would expect to see a threat analysis and counters thereto. > interesting, Randy does this seem like something that you were > thinking of as well? or since the intent is to do this sort of thing > inside a single ASN (or single administrative domain) is this > something that's less critical?
the recommendations in draft-ietf-sidr-origin-ops would seem to be useful here. for example As RPKI-based origin validation relies on the availability of RPKI data, operators SHOULD locate caches close to routers that require these data and services. A router can peer with one or more nearby caches. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
