Hi Sriram,

On Wed, 15 Jan 2014, Sriram, Kotikalapudi wrote:

> > just a quick remark regarding "such events occur rarely". I would say that
> > this depends on the scenario behind. If you consider complexity attacks,
> > for example, where a prefix owner maliciously changes ROAs, those events
> > can occur often.
>
> Just to understand the "complexity" attacker's purpose, what is he trying to
> accomplish by changing his prefix's origination AS (and hence ROA) frequently?
> Do you mean that he can bloat the CRL into something huge by
> repeatedly issuing many EE certs and their revocations?

There are different angles. Introducing a high ROA churn may not only
harm the RP but also the router (heavy operations on the prefix table ...).
Overall purpose would be to create worst-case load on data structures. We
started some analysis on this but didn't finish.

My main point was that "such events occur rarely" under normal
conditions. But any owner of a prefix is free to create/update/delete ROAs
on a much smaller time scale. Or did you mean the (configured) cache update
time with "rarely"?

Cheers
  matthias

-- 
Matthias Waehlisch
.  Freie Universitaet Berlin, Inst. fuer Informatik, AG CST
.  Takustr. 9, D-14195 Berlin, Germany
.. mailto:waehli...@ieee.org .. http://www.inf.fu-berlin.de/~waehl
:. Also: http://inet.cpt.haw-hamburg.de .. http://www.link-lab.net
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
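
The ROA churn discussed in this message can be measured on the relying-party side. The following is an added example, not part of the original message or of any RPKI software: it diffs successive sets of validated ROA payloads (VRPs) and flags prefixes whose ROAs change on nearly every cache refresh. The snapshot data, function names and threshold are constructed for illustration.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample: VRP sets (prefix, max length, origin AS) as a relying
# party might hold them after four consecutive cache refreshes.
SNAPSHOTS = [
    {("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 24, 64501)},
    {("192.0.2.0/24", 24, 64502), ("198.51.100.0/24", 24, 64501)},
    {("192.0.2.0/24", 24, 64500), ("198.51.100.0/24", 24, 64501)},
    {("192.0.2.0/24", 24, 64502), ("198.51.100.0/24", 24, 64501),
     ("203.0.113.0/24", 24, 64503)},
]


def vrp_delta(old, new):
    """Return (announced, withdrawn) VRPs between two refreshes.

    These are the incremental changes a cache would have to pass on to
    its routers, so the size of the delta approximates the update work.
    """
    return new - old, old - new


def churn_per_prefix(snapshots):
    """Count announce + withdraw events per prefix across all refreshes."""
    events = Counter()
    for old, new in zip(snapshots, snapshots[1:]):
        announced, withdrawn = vrp_delta(old, new)
        for prefix, _maxlen, _asn in announced | withdrawn:
            # Normalise so equivalent spellings of a prefix share one key.
            events[str(ip_network(prefix))] += 1
    return events


def flag_high_churn(snapshots, max_events_per_refresh=1.0):
    """Prefixes whose average events per refresh exceed the threshold.

    The threshold is an assumed value for illustration, not a recommendation.
    """
    refreshes = len(snapshots) - 1
    if refreshes < 1:
        return {}
    return {p: n for p, n in churn_per_prefix(snapshots).items()
            if n / refreshes > max_events_per_refresh}


if __name__ == "__main__":
    for prefix, n in sorted(flag_high_churn(SNAPSHOTS).items()):
        print(f"{prefix}: {n} VRP changes over {len(SNAPSHOTS) - 1} refreshes")
```

An origin AS change counts as two events (one withdrawal, one announcement), which matches the two prefix-table operations it causes.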