Reaching out to ARIN members about their RPKI INVALID prefixes
owen at delong.com
Thu Sep 20 01:02:27 UTC 2018
> On Sep 19, 2018, at 00:46 , nusenu <nusenu-lists at riseup.net> wrote:
> Owen DeLong:
>> Personally, since all RPKI accomplishes is providing a
>> cryptographically signed notation of origin ASNs that hijackers
>> should prepend to their announcements in order to create an aura of
>> credibility, I think we should stop throwing resources down this
> regardless of how one might think about RPKI, there are ROAs out
> there that reduce the visibility/reachability of certain prefixes and the
> general assumption is that announced prefixes would like to be reachable
> even if the operator doesn't care about RPKI and ROAs from the past anymore, he most likely cares
> about reachability from a pure operational point of view.

Yep… And the easy recipe for one which doesn’t care about RPKI to restore reachability is “delete the ROAs”.

> my email was not about: "How much does one like RPKI?"

I have no impression that it was.
I thought it was about “Should we consume more RIR resources dealing with this additional pain likely to be caused by RPKI?”

> it is about whether it is acceptable that RIRs (and more specifically ARIN in this mailing list's context)
> notify affected parties of their prefixes that suffer from stale ROAs.

I agree with Mr. Morrow that this would end in pain.

> Even if one dislikes RPKI entirely the opinion could still be "yes notifying those parties makes sense
> to restore reachability".

Agreed. However, whether I liked RPKI or not, I’d still say that notification by the RIRs is prone
to sadness. My initial intent was merely to state that I prefer the RIRs not waste additional
resources on this, including notification.