RPKI unknown for superprefixes of existing ROA ?

William Herrin bill at herrin.us
Sun Oct 22 17:24:03 UTC 2023


On Sun, Oct 22, 2023 at 10:06 AM Tom Beecher <beecher at beecher.cc> wrote:
>> And is it your belief that this addresses the described attack vector?
>> AFAICT, it does not.
>
>  In the mixed RPKI / non-RPKI environment of today's internet, no it doesn't.

I don't see a path to an Internet where a serious network operator can
broadly discard routes for which there is no RPKI information.
Especially given that many legacy folks are barred by the registry
from participating in RPKI.

Do you see a path?

Then we have to treat this as a case where RPKI is non-performant and
operate with the understanding that an AS0 ROA will not, as a
practical matter, accomplish the thing it was designed to do.

Regards,
Bill Herrin


-- 
William Herrin
bill at herrin.us
https://bill.herrin.us/
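
Added example, not part of the original message or the thread: a small Python model of RFC 6811 route origin validation showing why a superprefix of an AS0 ROA validates as NotFound rather than Invalid, and what that means for an import policy that drops only Invalid. The prefixes, ASNs and the function names `validate` and `accepted` are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation prefixes and ASNs, not from the thread.
ROAS = [
    # (prefix, maxLength, origin ASN); ASN 0 means "no AS may originate this"
    ("192.0.2.0/24", 24, 0),
    ("198.51.100.0/24", 24, 64500),
]

def validate(route_prefix, origin_asn, roas=ROAS):
    """Return the RFC 6811 state: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(prefix)
        # A ROA covers a route only if the route is equal to or more
        # specific than the ROA prefix. A superprefix is never covered.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS0 can never match an origin, so it can only make routes invalid.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "notfound"

def accepted(route_prefix, origin_asn, drop_notfound=False):
    """Import policy: always drop invalid; optionally drop notfound too."""
    state = validate(route_prefix, origin_asn)
    if state == "invalid":
        return False
    if state == "notfound" and drop_notfound:
        return False
    return True

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64501), ("192.0.2.0/23", 64501),
                     ("198.51.100.0/24", 64500), ("203.0.113.0/24", 64500)]:
        print(pfx, asn, validate(pfx, asn), accepted(pfx, asn))
```

With `drop_notfound=True` the /23 is rejected, but so is every route with no ROA at all, which is the trade-off the message describes.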

