Prefix hijacking, how to prevent and fix currently

• Previous message (by thread): Prefix hijacking, how to prevent and fix currently
• Next message (by thread): Prefix hijacking, how to prevent and fix currently
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: Saku Ytti <saku at ytti.fi>
> I feel RPKI would be much more marketable if vendors would implement 'loose'
> mode.
> Loose mode would drop failing routes, iff there is covering (i.e. less
> specific is ok) route already in RIB.

+10

> And it would completely remove false-positive blackholing.

This is why I don't want strict. That and true-positives, I don't think
having a switch that allows courts/rir finger trouble etc to take out
global routing is sensible. Too many others would start using it.

However loose mode could be abused in the same way, they just
invalidate your key and advertise a covering route to give themselves
effective strict over you. Admittedly there is collateral damage to
adjacent address space incurred in doing this but we know there are
hijack techniques they could use to mitigate that

brandon

• Previous message (by thread): Prefix hijacking, how to prevent and fix currently
• Next message (by thread): Prefix hijacking, how to prevent and fix currently
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]