Re: [Sidrops] nlnet rp and rsync

Russ Housley <> Tue, 12 May 2020 14:07 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5E0043A0A52 for <>; Tue, 12 May 2020 07:07:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bBsCaSHay5lM for <>; Tue, 12 May 2020 07:07:20 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 569113A0A68 for <>; Tue, 12 May 2020 07:06:24 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 95FCD300B3C for <>; Tue, 12 May 2020 10:06:21 -0400 (EDT)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10026) with ESMTP id p6x20XbCW2bs for <>; Tue, 12 May 2020 10:06:20 -0400 (EDT)
Received: from a860b60074bd.fios-router.home ( []) by (Postfix) with ESMTPSA id 134B8300A91; Tue, 12 May 2020 10:06:19 -0400 (EDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\))
From: Russ Housley <>
In-Reply-To: <>
Date: Tue, 12 May 2020 10:06:21 -0400
Cc: SIDR Operations WG <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <> <>
To: Martin Hoffmann <>
X-Mailer: Apple Mail (2.3445.104.14)
Archived-At: <>
Subject: Re: [Sidrops] nlnet rp and rsync
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: A list for the SIDR Operations WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 12 May 2020 14:07:22 -0000


>> A client can use any of the protocols that it wants, but it seems
>> like unnecessary fragility to pick an alternate and then refuse to
>> consider rsync.  This seem counter to a graceful transition,
>> especially if there is a transition from RRDP to RRDP2 in the distant
>> future.
> The decision to not fall back to rsync if RRDP succeeded once was
> actually made with publication point operators in mind. With most
> relying party software now supporting RRDP and preferring it over
> rsync, an operator will see most traffic via RRDP and only very small
> amounts on rsync. Given that unlike with HTTP where lots of tooling and
> services for reliable, scalable operation exist, you are basically on
> your own with rsync, they are likely to only provide a minimum service.
> Now, if the RRDP service becomes unavailable for whatever reason, all
> relying parties hitting the rsync service is not going to end well.
> Since the absolute majority of these RRDP failures are of a transient
> nature and will be resolved by the next validation run, just skipping
> the publication point this time seems a reasonable choice. This could
> probably be improved by remember how many times it failed and switching
> back to rsync after, say, five failures, but I am not sure this is
> worth the effort.

That seems like a desirable improvement.

> As an aside, switching between rsync and RRDP isn’t free. Because an
> RRDP server can essentially publish objects for any rsync URI it wants,
> you have to keep separate trees for rsync and each and every RRDP
> server. So falling back to rsync actually means either downloading the
> full copy or updating a severely outdated copy. It’s not that big a
> deal in the grand scheme of things but worth noting.

I understand that rsync and RRDP offer a very different interface; however, rsync is still the mandatory-to-implement protocol.  And, you clearly already have the code in place to support it.