Reaching out to ARIN members about their RPKI INVALID prefixes
Jakob Heitz (jheitz)
jheitz at cisco.com
Thu Sep 20 05:22:20 UTC 2018
You are correct in that RPKI leaves many problems unsolved.
One that it does solve is prefix splitting.
If I issue a ROA for prefix 10.1.2.0/23, any announcement of 10.1.2.0/24 (including mine) will be declared INVALID, because that announcement is covered by the ROA and the mask length is longer than maxlen.
Of course, as you rightly point out, if I do NOT announce that prefix myself, then anyone is free to announce it anywhere and have it declared VALID just by prepending my ASN.
Date: Tue, 18 Sep 2018 14:18:55 -0700
From: Owen DeLong <owen at delong.com>
What does RPKI offer other than a way to know what to spoof in a prepend for your forged announcement?
More information about the NANOG