> > - What about delays and inconsistencies that arise when new delegations
> > must be created and/or information is changed but still cached in
> > certain places?
What about them?
Let me revisit. The DNS is a loosely coupled, coherent database.
The routing system is roughly the same.
Churn in either introduces delay/inconsistencies in (generally)
localised (time/topology) areas.
Data critical to security in BGP ranges from very static, to
relatively static, to relatively dynamic. AS assignments are very
static, address allocations are relatively static, but authorizations
to route are relatively dynamic. Thus it makes sense to rely on some
form of repository system for the static or relatively static data,
but not for the relatively dynamic data. In the aftermath of a major
event, e.g., a train tunnel fire or 9/11, one would like BGP to be
able to advertise new routes quickly, and not have a security system
lag behind. Otherwise, an attacker could attempt to circumvent the
system by creating some sort of "event" and then relying on ISPs to
turn off or otherwise ignore the security data because the operators
know it will be out of date. That creates an opportunity for a
successful attack ...
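As an added illustration (not code from this thread or from any of the BGP security proposals under discussion), the toy validator below contrasts the two designs the message weighs: one that looks up the authorization to route in a cached repository snapshot, and one that takes the static data (AS assignments, address allocations, holder keys) from the snapshot but verifies the relatively dynamic authorization from a statement the prefix holder signs and the announcement carries in-band. The in-band carriage is this example's assumption about how to avoid relying on a repository for dynamic data; the ASNs and prefix are documentation values, the keys and the "ExampleNet"/"BackupNet"/"Mallory" names are constructed, and HMAC stands in for a real digital signature (so the validator shares the holder's key only for the sake of the toy). The accept() function models the fail-open operator behaviour the message warns about.

```python
"""Toy model: static BGP security data from a repository snapshot, the
dynamic 'authorization to route' carried with the announcement instead.
Added example, not from the thread.  All data is constructed (RFC 5398
documentation ASNs, TEST-NET-1 prefix); HMAC stands in for a signature."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Snapshot:
    """What a validator has cached from the repository at fetch time."""
    fetched_at: int
    as_holders: Dict[int, str]               # ASN -> holder    (very static)
    allocations: Dict[str, str]              # prefix -> holder (relatively static)
    holder_keys: Dict[str, bytes]            # holder -> key    (relatively static)
    route_auths: FrozenSet[Tuple[str, int]]  # (prefix, origin) if the repo also carries the dynamic data


@dataclass(frozen=True)
class Announcement:
    prefix: str
    origin_asn: int
    auth: Optional[bytes] = None  # in-band authorization issued by the prefix holder


def sign_auth(holder_key: bytes, prefix: str, origin_asn: int) -> bytes:
    """Prefix holder authorizes origin_asn to originate prefix (HMAC as signature stand-in)."""
    return hmac.new(holder_key, f"{prefix}|{origin_asn}".encode(), hashlib.sha256).digest()


def static_ok(snap: Snapshot, ann: Announcement) -> bool:
    """Checks against the static data only: origin AS assigned, prefix allocated."""
    return ann.origin_asn in snap.as_holders and ann.prefix in snap.allocations


def validate_repo_only(snap: Snapshot, ann: Announcement) -> str:
    """Design A: the dynamic authorization is also looked up in the cached snapshot."""
    if not static_ok(snap, ann):
        return "invalid"
    return "valid" if (ann.prefix, ann.origin_asn) in snap.route_auths else "invalid"


def validate_split(snap: Snapshot, ann: Announcement) -> str:
    """Design B: static data from the snapshot, authorization verified from the announcement."""
    if not static_ok(snap, ann) or ann.auth is None:
        return "invalid"
    holder_key = snap.holder_keys[snap.allocations[ann.prefix]]
    expected = sign_auth(holder_key, ann.prefix, ann.origin_asn)
    return "valid" if hmac.compare_digest(ann.auth, expected) else "invalid"


def accept(result: str, repo_is_stale: bool, fail_open: bool) -> bool:
    """Operator policy. fail_open models 'ignore the security data, we know it is out of date'."""
    return result == "valid" or (fail_open and repo_is_stale)


# --- constructed scenario (assumed names and keys, documentation ASNs) ------
EXAMPLENET_KEY = b"examplenet-authorization-key"  # assumption: held by the prefix holder
SNAP = Snapshot(
    fetched_at=1000,
    as_holders={64496: "ExampleNet", 64497: "BackupNet", 64511: "Mallory"},
    allocations={"192.0.2.0/24": "ExampleNet"},
    holder_keys={"ExampleNet": EXAMPLENET_KEY},
    route_auths=frozenset({("192.0.2.0/24", 64496)}),  # only the pre-event origin is in the repo
)

# After the "event" ExampleNet wants BackupNet (AS64497) to originate its prefix;
# the snapshot above predates that and has not been refreshed.
LEGIT_MOVE = Announcement("192.0.2.0/24", 64497,
                          sign_auth(EXAMPLENET_KEY, "192.0.2.0/24", 64497))
# Mallory has an assigned AS but no authorization from ExampleNet, so it forges with its own key.
HIJACK = Announcement("192.0.2.0/24", 64511,
                      sign_auth(b"mallory-key", "192.0.2.0/24", 64511))

if __name__ == "__main__":
    for name, ann in (("legitimate move", LEGIT_MOVE), ("hijack", HIJACK)):
        print(f"{name:16} repo-only={validate_repo_only(SNAP, ann):8} "
              f"split={validate_split(SNAP, ann):8} "
              f"repo-only+fail-open accepted={accept(validate_repo_only(SNAP, ann), True, True)}")
```

Run stand-alone, the repo-only design rejects the legitimate post-event move because the cached authorizations lag, while the split design accepts it and still rejects the hijack; once an operator responds to the lag with fail-open, the repo-only design lets the hijack through as well, which is exactly the window the message describes.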