Reaching out to ARIN members about their RPKI INVALID prefixes

nusenu nusenu-lists at riseup.net
Wed Sep 19 07:46:00 UTC 2018


Owen DeLong:
> Personally, since all RPKI accomplishes is providing a
> cryptographically signed notation of origin ASNs that hijackers
> should prepend to their announcements in order to create an aura of
> credibility, I think we should stop throwing resources down this
> rathole.

regardless of how one might think about RPKI, there are ROAs out 
there that reduce the visibility/reachability of certain prefixes and the 
general assumption is that announced prefixes would like to be reachable
even if the operator doesn't care about RPKI and ROAs from the past anymore, he most likely cares
about reachability from a pure operational point of view.

my email was not about: "How much does one like RPKI?"
it is about whether it is acceptable that RIRs (and more specifically ARIN in this mailing list's context) 
notify affected parties of their prefixes that suffer from stale ROAs.
Even if one dislikes RPKI entirely the opinion could still be "yes notifying those parties makes sense
to restore reachability".


-- 
https://twitter.com/nusenu_
https://mastodon.social/@nusenu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180919/50156566/attachment.sig>


More information about the NANOG mailing list