Ian,
For the record, Mimas are currently refreshing every hour.
If there are any changes, we cascade.
Cheers,
Ross
> > I think "daily refresh" may be over-the-top at this moment
>
> As John just pointed out, we feel that the normal rate of change of the
> federation metadata (multiple substantive changes per day) justifies
> refreshing daily just to avoid operational issues.
>
> The more important point is that metadata changes are one of the few
> technical actions we can take in the event of, say, the public keys for
> an entity becoming compromised. So service providers in particular
> should be aware that they are potentially vulnerable -- should such a
> thing ever happen -- to spoofing attacks during a window equal to their
> metadata refresh interval. From that point of view, there's a school of
> thought (Nate @ Internet2, for example, has said this) which feels that
> hourly is safer. I wouldn't go that far, but I definitely don't think
> that daily is over the top.
>
> -- Ian
|