deploying RPKI based Origin Validation

• Previous message (by thread): deploying RPKI based Origin Validation
• Next message (by thread): deploying RPKI based Origin Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 13/Jul/18 18:37, Job Snijders wrote:

> That is exactly what I mean. Because of the golden rule "most-specific
> always wins" (and parts of the AS_PATH are pretty easy to spoof) it
> only makes sense to me to completely reject invalid routes.

Exactly my preference, and exactly what we did for 2 years. But in
practice, customers don't really like this, nor does your CFO.

We need mass deployment for this to work effectively, and also a bit
more education for those that sign aggregates but not the more-specifics.

Mark.

• Previous message (by thread): deploying RPKI based Origin Validation
• Next message (by thread): deploying RPKI based Origin Validation
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]