NICMx / FORT-validator

RPKI cache validator
MIT License

Don't set directory modtimes to match the source #100

Closed job closed 7 months ago

job commented 7 months ago

When syncing against remote repositories, the modtimes of the remote directories are irrelevant. In the RRDP protocol the directory modtimes aren't signalled either. This should save some IOPS.

ydahhrk commented 7 months ago

Thanks

One detail:

In the RRDP protocol the directory modtimes aren't signalled either.

I'm probably just jumping to conclusions, but just to make sure:

Are you suggesting that RRDP signals file modtimes?

Because if it does, it would seem I'm missing something important.

job commented 7 months ago

In RRDP (and RSYNC) you can derive file modtimes from the internal timestamps; the APNIC and RIPE NCC repositories use this trick, and validators can take advantage of this when serialising RRDP files to disk. Then in RSYNC you can use --compare-dest=

The timestamps the community has come to consensus on:

Certificate files: notBefore
CRLs: thisUpdate (which OpenSSL confusingly calls lastUpdate)
Signed Objects (MFT/ROA/ASA/GBR/etc): CMS signing-time

https://www.ietf.org/archive/id/draft-ietf-sidrops-cms-signing-time-00.html
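The convention above (certificate: notBefore, CRL: thisUpdate, CMS signed object: signing-time) as a worked example of stamping a file's mtime from the object it contains. This is an added illustration, not FORT-validator's or rpki-client's code: the DER walker is a minimal stdlib-only one written for this example, the function names are mine, and the three sample objects are constructed inline as structurally minimal stand-ins rather than real RPKI objects. For certificates and CRLs it relies on the RFC 5280 field order, where the first time value in the DER encoding is notBefore and thisUpdate respectively; for CMS it searches signedAttrs for the signing-time attribute, because the first time value in a signed object would be the embedded EE certificate's notBefore, which the sample deliberately shows.

```python
"""Stamp a file's mtime from the timestamp inside the RPKI object it holds.

Added example, not FORT-validator code. DER walker and sample objects are
written for this example only; the samples are constructed stand-ins.
"""
import os
import tempfile
from datetime import datetime, timezone

SIGNING_TIME_OID = bytes.fromhex("2a864886f70d010905")  # 1.2.840.113549.1.9.5
TIME_TAGS = (0x17, 0x18)  # UTCTime, GeneralizedTime


# ---- tiny DER encoder, used only to build the constructed samples ----
def der(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:                                   # long-form length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def seq(*items): return der(0x30, b"".join(items))
def setof(*items): return der(0x31, b"".join(items))
def ctx(n, *items): return der(0xA0 | n, b"".join(items))  # [n], constructed
def integer(i): return der(0x02, bytes([i]))
def oid(hexstr): return der(0x06, bytes.fromhex(hexstr))
def utctime(s): return der(0x17, s.encode("ascii"))


# ---- tiny DER walker ----
def tlvs(data):
    """Yield (tag, value) for each TLV at the top level of data."""
    i = 0
    while i < len(data):
        tag, n, i = data[i], data[i + 1], i + 2
        if n & 0x80:                        # long-form length
            k = n & 0x7F
            n, i = int.from_bytes(data[i:i + k], "big"), i + k
        yield tag, data[i:i + n]
        i += n

def walk(data):
    """Depth-first (tag, value) over every node, descending into constructed ones."""
    for tag, value in tlvs(data):
        yield tag, value
        if tag & 0x20:
            yield from walk(value)

def parse_time(tag, value):
    s = value.decode("ascii")
    if tag == 0x17:                         # UTCTime YYMMDDHHMMSSZ, RFC 5280 pivot at 50
        yy = int(s[:2])
        year, s = (1900 + yy if yy >= 50 else 2000 + yy), s[2:]
    else:                                   # GeneralizedTime YYYYMMDDHHMMSSZ
        year, s = int(s[:4]), s[4:]
    return datetime(year, int(s[0:2]), int(s[2:4]), int(s[4:6]), int(s[6:8]),
                    int(s[8:10]), tzinfo=timezone.utc)

def first_time(data):
    """First time value in DER order: notBefore in a certificate, thisUpdate in a CRL."""
    for tag, value in walk(data):
        if tag in TIME_TAGS:
            return parse_time(tag, value)
    raise ValueError("no time value found")

def cms_signing_time(data):
    """Time inside Attribute ::= SEQUENCE { id-signingTime, SET { time } } in signedAttrs."""
    for tag, value in walk(data):
        if tag != 0x30:
            continue
        kids = list(tlvs(value))
        if len(kids) == 2 and kids[0] == (0x06, SIGNING_TIME_OID) and kids[1][0] == 0x31:
            vtag, vval = next(tlvs(kids[1][1]))
            return parse_time(vtag, vval)
    raise ValueError("no CMS signing-time attribute")

def object_time(kind, data):
    """kind is the file extension: cer, crl, or a CMS signed object (mft, roa, asa, gbr)."""
    return first_time(data) if kind in ("cer", "crl") else cms_signing_time(data)

def apply_mtime(path, kind):
    with open(path, "rb") as f:
        ts = object_time(kind, f.read()).timestamp()
    os.utime(path, (ts, ts))                # atime and mtime both set to the object's timestamp
    return int(os.stat(path).st_mtime)


# ---- constructed samples: minimal stand-ins, not real RPKI objects ----
SHA256_RSA, ID_SIGNED_DATA, ID_DATA = "2a864886f70d01010b", "2a864886f70d010702", "2a864886f70d010701"
SAMPLE_CER = seq(seq(ctx(0, integer(2)), integer(7), seq(oid(SHA256_RSA)), seq(),  # version, serial, sigalg, issuer
                     seq(utctime("240301120000Z"), utctime("250301120000Z"))))     # validity: notBefore, notAfter
SAMPLE_CRL = seq(seq(integer(1), seq(oid(SHA256_RSA)), seq(),                       # version, sigalg, issuer
                     utctime("240615000000Z"), utctime("240616000000Z")))           # thisUpdate, nextUpdate
SAMPLE_ROA = seq(oid(ID_SIGNED_DATA), ctx(0, seq(
    integer(3), setof(), seq(oid(ID_DATA)),                                         # version, digestAlgs, eContent
    ctx(0, SAMPLE_CER),                     # certificates: the EE cert, carrying its own earlier notBefore
    setof(seq(integer(3), ctx(0, seq(oid(SIGNING_TIME_OID.hex()), setof(utctime("240902083000Z")))))))))

def demo():
    """Write each sample to a temp dir, stamp it, and return the resulting mtimes."""
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for kind, blob in (("cer", SAMPLE_CER), ("crl", SAMPLE_CRL), ("roa", SAMPLE_ROA)):
            p = os.path.join(d, "sample." + kind)
            with open(p, "wb") as f:
                f.write(blob)
            out[kind] = apply_mtime(p, kind)
    return out

if __name__ == "__main__":
    print(demo())
```

Once files are stamped this way, rsync's default quick check (size plus mtime) can treat an unchanged object as already present, which is what a --compare-dest= reference directory relies on. Directory mtimes carry no such meaning, which is why dropping them (--omit-dir-times) costs nothing.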

ydahhrk commented 7 months ago

Need to clarify, because the release notes reference this issue seemingly unrelatedly:

As part of the rsync review for Fort 1.6.0, a few months ago I compared the rsync arguments of rpki-client, Routinator and Fort.

What came out of that is I ended up plagiarizing several of rpki-client's arguments.

So, credit to them.

Some time later, rpki-client added --omit-dir-times, and that's what this pull request specifically added.

Sorry for the confusion.