<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><span id="docs-internal-guid-c04e0bbf-7fff-a732-504e-641570805c9d" class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">Dear colleagues,</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">We have been made aware of an issue that may affect some users who use RPKI relying party (RP) software that uses rsync. Please note that by default, only rpki-client reads from rsync; the rest of the RPs prefer the RPKI Repository Delta Protocol (RRDP). </span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">The issue appears to create some inconsistency between the RPKI repository and rsync clients. In more detail, an RRDP client reads a complete state for a specific “serial” from the repository. In contrast, an rsync client syncs the state in multiple steps. First, a list of files is copied, followed by updates for files that have been copied. In an affected scenario, a certificate is added and one of the other files (the manifest) is modified after the file list has been sent. By reading the new manifest, but not copying the new file (it is not on the rsync file list), the repository copied by the rsync client contains an invalid manifest (a file is missing) and the RP software rejects it.</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">We are planning on changing our publication infrastructure and using the same "revisions" RRDP uses for the content of the rsync repository. Rsync is an officially supported distribution protocol for RPKI repository data, and it is one of our highest priorities that the data published is atomic and consistent. We plan to release the new publication infrastructure in Q2/Q3 2021. Part of this work will mitigate these non-repeatable-reads for clients using rsync.</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">We will update you on our progress during RIPE 82, taking place online from 17-21 May 2021.</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">Kind regards,</span></div><br class=""><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">Nathalie Trenaman</span></div><div style="line-height: 1.38; margin-top: 0pt; margin-bottom: 0pt;" class=""><span style="font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class="">RIPE NCC</span></div><div class=""><span style="font-size: 11pt; font-family: Arial; font-variant-ligatures: normal; font-variant-east-asian: normal; font-variant-position: normal; vertical-align: baseline; white-space: pre-wrap;" class=""><br class=""></span></div></span></body></html>