Lightly used IP addresses

Joe Maimon jmaimon at ttec.com
Mon Aug 16 12:59:38 CDT 2010



Valdis.Kletnieks at vt.edu wrote:
> On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said:
>
>> Kind of interesting to consider how a successful implementation of RPKI
>> might change the rules of this game we all play in. I tried talking
>> about that at ARIN in Toronto, not certain I was clear enough.
>
> I'm not at all convinced this would help all that much.  A PKI would allow
> better verification of authentication - but how many providers currently have
> doubts about who the other end of their BGP session is?  I'm sure most of the
> ones who care have already set up TCPMD5 and/or TTL hacks, and the rest
> wouldn't deploy an RPKI.
>
> The real problem is authorization - and the same people who don't currently
> apply filtering of BGP announcements won't deploy a PKI.
>
> So the people who care already have other tools to do most of the work, and
> the ones who don't care won't deploy.  Sure it may be nice and allow automation
> of some parts of the mess, but I'm not seeing a big window here for it being
> a game-changer.

What you are saying is that you have doubts that there will be a 
successful implementation of RPKI that will properly secure BGP.

>
> If somebody has a good case for how it *will* be a game-changer, I'm all ears.

However, Randy's point seemed me to be one I had brought up before.

Can the RiR's still pass the theoretical fork test if RPKI were to be 
successfully and globally deployed?

I am glad to hear that others who are likely far more competent than I 
are seriously examining the issue and seem to have similar concerns.

The topic of this sub-thread isnt about the technological challenge of 
securing BGP and the routing of prefixes, it is about the political 
implications of successfully doing so and what the resulting impact on 
operations may be.

Joe




More information about the NANOG mailing list