25 Apr
2019
25 Apr
'19
9:03 p.m.
You should take this conversation to the folk at Google. They are pushing really hard for IRR objects. On 25 Apr 2019, at 16:01, Randy Bush wrote:
The point is: if you pull the RPKI stuff and build the RPLS stuff locally, you *know* that all data is trusted and hasn't been modified (because everything coming from extern is signed and can be validated).
if everybody had digested security 101, the internet might not be the dumpster fire it is today :)
but this stuff is intuitive only if one has a twisted mind. so i blame myself for explaining inadequately. that part is tough too.
randy