ARIN's RPKI Relying agreement

Nick Hilliard nick at foobar.org
Fri Dec 5 17:00:35 UTC 2014


On 05/12/2014 11:47, Randy Bush wrote:
>>> and the difference is?
>> rpki might work at scale.
> 
> ohhh noooooooooo!

rtconfig + prefix lists were never going to work at scale, so rpsl based
filters were mostly only ever deployed on asn edges rather than dfz core
inter-as bgp sessions.  This meant that the damage that a bad update might
cause would be relatively limited in scope.  RPSL's scaling limitations do
not apply to rpki, so in theory the scope for causing connectivity problems
is a good deal greater.  So if e.g. ARIN went offline or signed some broken
data which caused Joe's Basement ISP in Lawyerville to go offline globally,
you can probably see why ARIN would want to limit its liability.

Nick




