The servers where the RPKI data is published (the Trust Anchor and the CAs) are referred to using a single URI, meaning that any sort of geographic redundancy or failover has to be handled via external means (anycast, load balancing, etc.) but rsync isn’t well-suited for this sort of implementation. [cid:DE8A0963-605D-4E57-8A58-E154EF0E790C] Rich Compton | Principal Eng | 314.596.2828 14810 Grasslands Dr, Englewood, CO 80112 From: <christopher.morrow@gmail.com<mailto:christopher.morrow@gmail.com>> on behalf of Christopher Morrow <morrowc.lists@gmail.com<mailto:morrowc.lists@gmail.com>> Date: Tuesday, May 2, 2017 at 6:34 PM To: Compton Rich A <rich.compton@charter.com<mailto:rich.compton@charter.com>> Cc: Job Snijders <job@ntt.net<mailto:job@ntt.net>>, Nikos Leontsinis <nikosietf@gmail.com<mailto:nikosietf@gmail.com>>, NANOG list <nanog@nanog.org<mailto:nanog@nanog.org>> Subject: Re: Financial services BGP hijack last week? On Tue, May 2, 2017 at 11:21 AM, Compton, Rich A <Rich.Compton@charter.com<mailto:Rich.Compton@charter.com>> wrote: That¹s the million dollar question. I think that there will be more adoption from the Internet at large when some big players adopt it. Right now the use of rsync in RPKI is preventing a lot of large ISPs from implementing it (too difficult to provide redundancy with rsync). There is how is it hard to provide redundancy with rsync? E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.