On Thu, Oct 29, 2020 at 09:14:16PM +0100, Alex Band wrote:
> In fact, we argue that it's actually a bad idea to do so:
>
> https://blog.nlnetlabs.nl/why-routinator-doesnt-fall-back-to-rsync/
>
> We're interested to hear views on this from both an operational and security perspective.

I don't see a compelling reason to not use rsync when RRDP is unavailable.

Quoting from the blog post:

"While this isn’t threatening the integrity of the RPKI – all data is cryptographically signed making it really difficult to forge data – it is possible to withhold information or replay old data."

RRDP does not solve the issue of withholding data or replaying old data. The RRDP protocol /also/ is unauthenticated, just like rsync. The RRDP protocol basically is rsync wrapped in XML over HTTPS.

Withholding of information is detected through verification of RPKI manifests (something Routinator didn't verify up until last week!), and replaying of old data is addressed by checking validity dates and CRLs (something Routinator also didn't do until last week!).

Of course I see advantages to this industry mainly using RRDP, but those are not security advantages. The big migration towards RRDP can happen somewhere in the next few years.

The arguments brought forward in the blog post don't make sense to me. The '150,000' number in the blog post seems a number pulled from thin air.

Regards,

Job
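
The manifest and validity-date checks mentioned in the message above, as an added example that is not part of the original message and is not code from any validator: it compares a fetched publication point against its manifest in the same way whether the objects arrived over rsync or RRDP. The `Manifest` class, `check_publication_point` and all sample data are hypothetical and constructed; the fields follow the RPKI manifest (RFC 6486), and the manifest's signature and the CRL revocation lookup are assumed to be validated elsewhere.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Manifest:
    # Hypothetical model of the manifest fields; signature assumed verified already.
    number: int            # manifestNumber
    this_update: datetime  # thisUpdate
    next_update: datetime  # nextUpdate
    file_list: dict        # fileList: file name -> hex SHA-256 digest

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_publication_point(mft, fetched, now, last_seen_number=None):
    """Return findings; an empty list means the fetched set is complete and current."""
    findings = []
    # Replay of an old manifest: outside its validity window, or number going backwards.
    if now < mft.this_update:
        findings.append("manifest not yet valid")
    if now > mft.next_update:
        findings.append("manifest stale (nextUpdate passed)")
    if last_seen_number is not None and mft.number < last_seen_number:
        findings.append(f"manifest number regressed: {mft.number} < {last_seen_number}")
    # Withholding or substitution: each listed file must be present with the listed hash.
    for name, digest in sorted(mft.file_list.items()):
        if name not in fetched:
            findings.append(f"missing object: {name}")
        elif sha256(fetched[name]) != digest:
            findings.append(f"hash mismatch: {name}")
    # Objects the manifest does not list are not vouched for by the CA.
    for name in sorted(set(fetched) - set(mft.file_list)):
        findings.append(f"unlisted object: {name}")
    return findings

# Constructed sample data (not real RPKI objects).
UTC = timezone.utc
ROA, CRL = b"constructed ROA contents", b"constructed CRL contents"
MFT = Manifest(42, datetime(2020, 10, 29, tzinfo=UTC), datetime(2020, 10, 30, tzinfo=UTC),
               {"as64496.roa": sha256(ROA), "ca.crl": sha256(CRL)})
NOW = datetime(2020, 10, 29, 12, tzinfo=UTC)

def demo():
    complete = check_publication_point(MFT, {"as64496.roa": ROA, "ca.crl": CRL}, NOW, 41)
    withheld = check_publication_point(MFT, {"ca.crl": CRL}, NOW, 41)
    replayed = check_publication_point(MFT, {"as64496.roa": b"older ROA", "ca.crl": CRL},
                                       datetime(2020, 11, 5, tzinfo=UTC), 43)
    return complete, withheld, replayed

if __name__ == "__main__":
    for result in demo():
        print(result)
```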