nanog mailing list archives
Re: ROVER routing security - its not enumeration
From: Paul Vixie <vixie () isc org>
Date: Sun, 10 Jun 2012 21:53:55 +0000
Doug Montgomery <dougm.tlist () gmail com> writes:
...I think we debate the superficial here, and without sufficient imagination. The enumerations vs query issue is a NOOP as far as I am concerned. With a little imagination, one could envision building a box that takes a feed of prefixes observed, builds an aged cache of prefixes of interest, queries for their SRO records, re queries for those records before their TTLs expire, and maintains a white list of "SRO valid" prefix/origin pairs that it downloads to the router.
this sounds like a steady state system. how would you initially populate it, given for example a newly installed core router having no routing table yet? if the answer is, rsync from somewhere, then i propose, rsync from RPKI. if the answer is, turn off security during bootup, then i claim, bad idea.
... Point being, with a little imagination I think one could build components with either approach with similar black box behavior.
i don't think so. and i'm still waiting for a network operator to say what they think the merits of ROVER might be in comparison to the RPKI approach. (noting, arguments from non-operators should and do carry less weight.)
--
Paul Vixie
KI6YSY
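A sketch of the box described in the quoted text, added here as an illustration and not code from either poster or from the ROVER or RPKI projects. The class and method names are hypothetical, and the SRO lookup is replaced by a constructed in-memory table, so no DNS query is made. Until a prefix has been observed and its query answered, every route classifies as "unknown", which is the cold-start state the reply asks about.

```python
import ipaddress

# Constructed stand-in for the DNS: prefix -> (authorized origin AS, TTL in seconds).
SAMPLE_SRO = {"192.0.2.0/24": (64500, 300), "198.51.100.0/24": (64501, 60)}

class SroCache:
    def __init__(self, lookup, refresh_margin=30, max_age=3600):
        self.lookup = lookup                  # callable: prefix -> (origin, ttl) or None
        self.refresh_margin = refresh_margin  # re-query this many seconds before expiry
        self.max_age = max_age                # forget prefixes not seen for this long
        self.records = {}                     # prefix -> (origin, expires_at)
        self.last_seen = {}                   # prefix -> time last observed in the feed

    def _query(self, prefix, now):
        answer = self.lookup(prefix)
        if answer is None:
            self.records.pop(prefix, None)    # no record published: nothing to whitelist
        else:
            origin, ttl = answer
            self.records[prefix] = (origin, now + ttl)

    def observe(self, prefix, now):
        """Feed of observed prefixes: query any prefix that has no cached record."""
        prefix = str(ipaddress.ip_network(prefix))
        self.last_seen[prefix] = now
        if prefix not in self.records:
            self._query(prefix, now)

    def refresh(self, now):
        """Age out stale prefixes, then re-query records close to TTL expiry."""
        for p in [p for p, seen in self.last_seen.items() if now - seen > self.max_age]:
            del self.last_seen[p]
            self.records.pop(p, None)
        due = [p for p, (_, exp) in self.records.items() if exp - now <= self.refresh_margin]
        for p in due:
            self._query(p, now)
        return due

    def whitelist(self, now):
        """Prefix/origin pairs still within TTL: the list pushed to the router."""
        return {(p, o) for p, (o, exp) in self.records.items() if exp > now}

    def classify(self, prefix, origin, now):
        rec = self.records.get(str(ipaddress.ip_network(prefix)))
        if rec is None or rec[1] <= now:
            return "unknown"                  # includes a freshly booted, empty cache
        return "valid" if rec[0] == origin else "invalid"
```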