"Is BGP safe yet?" test
Sander Steffann
sander at steffann.nl
Tue Apr 21 08:56:17 UTC 2020
Hi,
> Removing a resource from the certificate to achieve the goal you describe will make the route announcement NotFound, which means it will be accepted. Evil RIR would have to replace an existing ROA with one that explicitly makes a route invalid, i.e. issue an AS0 ROA for specific member prefix. This seems like a pretty convoluted way to try and take a network offline.
I've seen worse…
Sander
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200421/e39dd5cc/attachment.sig>
More information about the NANOG
mailing list