Lightly used IP addresses

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Aug 16 11:44:43 CDT 2010


On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said:

> Kind of interesting to consider how a successful implementation of RPKI 
> might change the rules of this game we all play in. I tried talking 
> about that at ARIN in Toronto, not certain I was clear enough.

I'm not at all convinced this would help all that much.  A PKI would allow
better verification of authentication - but how many providers currently have
doubts about who the other end of their BGP session is?  I'm sure most of the
ones who care have already set up TCPMD5 and/or TTL hacks, and the rest
wouldn't deploy an RPKI.

The real problem is authorization - and the same people who don't currently
apply filtering of BGP announcements won't deploy a PKI.

So the people who care already have other tools to do most of the work, and
the ones who don't care won't deploy.  Sure it may be nice and allow automation
of some parts of the mess, but I'm not seeing a big window here for it being
a game-changer.

If somebody has a good case for how it *will* be a game-changer, I'm all ears.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100816/00d20b25/attachment.bin>


More information about the NANOG mailing list