1 files changed, 0 insertions, 171 deletions
diff --git a/doc/doc.RPKI.RP b/doc/doc.RPKI.RP
index 816797c4..fa7a0be2 100644
--- a/doc/doc.RPKI.RP
+++ b/doc/doc.RPKI.RP
@@ -57,177 +57,6 @@ roa-to-irr expects its output to be piped to the irr_rpsl_submit program.
 
 roa-to-irr isn't really documented (yet?). If you care, see the code.
 
-**** rpki-torrent ****
-
-rpki-torrent is an experimental program for distributing unvalidated RPKI data
-over the BitTorrent protocol. Such data still needs to be validated by the
-relying party (rpki-torrent does this automatically), BitTorrent is just being
-used as an alternative transport protocol.
-
-rpki-torrent isn't really documented yet.
-
 **** Utilities ****
 
 You may also find some of the RPKI utility programs useful.
-
-***** Running relying party tools under cron *****
-
-rcynic is the primary relying party tool, and it's designed to run under the
-cron daemon. Consequently, most of the other tools are also designed to run
-under the cron daemon, so that they can make use of rcynic's output immediately
-after rcynic finishes a validation run.
-
-rcynic-cron runs the basic set of relying party tools (rcynic, rcynic-html, and
-rtr-origin --cronjob); if this suffices for your purposes, you don't need to do
-anything else. The rest of this section is a discussion of alternative
-approaches.
-
-Which tools you want to run depends on how you intend to use the relying party
-tools. Here we assume a typical case in which you want to gather and validate
-RPKI data and feed the results to routers using the rpki-rtr protocol. We also
-assume that everything has been installed in the default locations.
-
-The exact sequence for invoking rcynic itself varies depending both on whether
-you're using a chroot jail or not and on the platform on which you're running
-rcynic, as the chroot utilities on different platforms behave slightly
-differently. Using a chroot jail used to be the default for rcynic, but it
-turned out that many users found the setup involved to be too complex.
-
-If you're not using rcynic-cron, it's probably simplest to generate a short
-shell script which calls the tools you want in the correct order, so that's
-what we show here.
-
-Once you've written this script, install it in your crontab, running at some
-appropriate interval: perhaps hourly, or perhaps every six hours, depending on
-your needs. You should run it at least once per day, and probably should not
-run it more frequently than once per hour unless you really know what you are
-doing. Please do NOT just arrange for the script to run on the hour, instead
-pick some random minute value within the hour as the start time for your
-script, to help spread the load on the repository servers.
-
-On FreeBSD or MacOSX, this script might look like this:
-
-  #!/bin/sh -
-  /usr/sbin/chroot -u rcynic -g rcynic /var/rcynic /bin/rcynic -c /etc/
-  rcynic.conf || exit
-  /var/rcynic/bin/rcynic-html /var/rcynic/data/rcynic.xml /usr/local/www/data/
-  rcynic
-  cd /var/rcynic/rpki-rtr
-  /usr/bin/su -m rcynic -c '/usr/local/bin/rtr-origin --cronjob /var/rcynic/
-  data/authenticated'
-
-This assumes that you have done
-
-  mkdir /var/rcynic/rpki-rtr
-  chown rcynic /var/rcynic/rpki-rtr
-
-On GNU/Linux systems, the script might look like this if you use the chrootuid
-program:
-
-  #!/bin/sh -
-  /usr/bin/chrootuid /var/rcynic rcynic /bin/rcynic -c /etc/rcynic.conf || exit
-  /var/rcynic/bin/rcynic-html /var/rcynic/data/rcynic.xml /var/www/rcynic
-  cd /var/rcynic/rpki-rtr
-  /usr/bin/su -m rcynic -c '/usr/local/bin/rtr-origin --cronjob /var/rcynic/
-  data/authenticated'
-
-If you use the chroot program instead of chrootuid, change the line that
-invokes rcynic to:
-
-  /usr/sbin/chroot --userspec rcynic:rcynic /var/rcynic /bin/rcynic -c /etc/
-  rcynic.conf || exit
-
-***** Running a hierarchical rsync configuration *****
-
-Having every relying party on the Internet contact every publication service is
-not terribly efficient. In many cases, it may make more sense to use a
-hierarchical configuration in which a few "gatherer" relying parties contact
-the publication servers directly, while a collection of other relying parties
-get their raw data from the gatherers.
-
-Note: The relying parties in this configuration still perform their own
-validation, they just let the gatherers do the work of collecting the
-unvalidated data for them.
-
-A gatherer in a configuration like this would look just like a stand-alone
-relying party as discussed above. The only real difference is that a gatherer
-must also make its unauthenticated data collection available to other relying
-parties. Assuming the standard configuration, this will be the directory /var/
-rcynic/data/unauthenticated and its subdirectories.
-
-There are two slightly different ways to do this with rsync:
-
-  1. Via unauthenticated rsync, by configuring an rsyncd.conf "module", or
-  2. Via rsync over a secure transport protocol such as ssh.
-
-Since the downstream relying party performs its own validation in any case,
-either of these will work, but using a secure transport such as ssh makes it
-easier to track problems back to their source if a downstream relying party
-concludes that it's been receiving bad data.
-
-Script for a downstream relying party using ssh might look like this:
-
-  #!/bin/sh -
-
-  PATH=/usr/bin:/bin:/usr/local/bin
-  umask 022
-  eval `/usr/bin/ssh-agent -s` >/dev/null
-  /usr/bin/ssh-add /root/rpki_ssh_id_rsa 2>&1 | /bin/fgrep -v 'Identity added:'
-  hosts='larry.example.org moe.example.org curly.example.org'
-  for host in $hosts
-  do
-    /usr/bin/rsync --archive --update --safe-links rpkisync@${host}:/var/
-  rcynic/data/unauthenticated/ /var/rcynic/data/unauthenticated.${host}/
-  done
-  eval `/usr/bin/ssh-agent -s -k` >/dev/null
-  for host in $hosts
-  do
-    /usr/sbin/chroot -u rcynic -g rcynic /var/rcynic /bin/rcynic -c /etc/
-  rcynic.conf -u /data/unauthenticated.${host}
-    /var/rcynic/bin/rcynic-html /var/rcynic/data/rcynic.xml /usr/local/www/
-  data/rcynic.${host}
-  done
-  cd /var/rcynic/rpki-rtr
-  /usr/bin/su -m rcynic -c '/usr/local/bin/rtr-origin --cronjob /var/rcynic/
-  data/authenticated'
-
-where /root/rpki_ssh_id_rsa is an SSH private key authorized to log in as user
-"rpkisync" on the gatherer machines. If you want to lock this down a little
-tighter, you could use ssh's command="..." mechanism as described in the sshd
-documentation to restrict the rpkisync user so that it can only run this one
-rsync command.
-
-If you prefer to use insecure rsync, perhaps to avoid allowing the downstream
-relying parties any sort of login access at all on the gatherer machines, the
-configuration would look more like this:
-
-  #!/bin/sh -
-
-  PATH=/usr/bin:/bin:/usr/local/bin
-  umask 022
-  hosts='larry.example.org moe.example.org curly.example.org'
-  for host in $hosts
-  do
-    /usr/bin/rsync --archive --update --safe-links rsync://${host}/
-  unauthenticated/ /var/rcynic/data/unauthenticated.${host}/
-  done
-  for host in $hosts
-  do
-    /usr/sbin/chroot -u rcynic -g rcynic /var/rcynic /bin/rcynic -c /etc/
-  rcynic.conf -u /data/unauthenticated.${host}
-    /var/rcynic/bin/rcynic-html /var/rcynic/data/rcynic.xml /usr/local/www/
-  data/rcynic.${host}
-  done
-  cd /var/rcynic/rpki-rtr
-  /usr/bin/su -m rcynic -c '/usr/local/bin/rtr-origin --cronjob /var/rcynic/
-  data/authenticated'
-
-where "unauthenticated" here is an rsync module pointing at /var/rcynic/data/
-unauthenticated on each of the gatherer machines. Configuration for such a
-module would look like:
-
-  [unauthenticated]
-      read only           = yes
-      transfer logging    = yes
-      path                = /var/rcynic/data/unauthenticated
-      comment             = Unauthenticated RPKI data