where was my white knight....

[randy at psg.com (Randy Bush)]

> I understand what the manual says (actually, i read it).

cheating!!!!

> I'm just curious as to how this is going to work in real life.  Let's
> say you have a router cold boot with a bunch of ibgp peers, a transit
> or two and an rpki cache which is located on a non-connected network -
> e.g. small transit pop / AS boundary scenario.  The cache is not
> necessarily going to be reachable until it sees an update for its
> connected network.

once again, 
  o when you have no connection to a cache or no covering roa for a
    a prefix, the result is specified as NotFound
  o we recommend you route on NotFound

so the result is the same as today.

> Until this happens, there will be no connectivity from the router to
> the cache

false

> Look, i understand that you're designing rpki <-> interactivity such that
> things will at least work in some fashion when your routers lose sight of
> their rpki caches.  The problem is that this approach weakens rpki's
> strengths - e.g. the ability to help stop youtube-like incidents from
> recurring by ignoring invalid prefix injection.

you can't have you cake and eat it to.  you can not detect invalid
originations until you have the data to do so.

randy