"Is BGP safe yet?" test

Matt Corallo nanog at as397444.net
Tue Apr 21 16:44:32 UTC 2020


Sure. This kinda falls under my point that we should be talking about basic mitigation, then. I’m not aware of any previous discussion of creating policy that instructs RIRs to do so. Again, with a basic step like that, plus a validator-enforced time delay between when a RIR can remove a ROA for some IP space and when it can be replaced, RPKI would be drastically de-risked. Once you start going down that road, there would be way more desire on the part of OFAC and other small committees to enforce policy using other levers.

> On Apr 21, 2020, at 09:36, Rubens Kuhl <rubensk at gmail.com> wrote:
> 
> 
> 
> 
>> On Tue, Apr 21, 2020 at 1:10 PM Matt Corallo via NANOG <nanog at nanog.org> wrote:
>> That’s an interesting idea. I’m not sure that LACNIC would want to issue a ROA for RIPE IP space after RIPE issues an AS0 ROA, though. And you’d at least need some kind of time delay to give other RIRs and operators and chance to discuss the matter before allowing RIPE to issue the AS0 ROA, eg in my example mitigation strategy.
>> 
> 
> All 5 RIRs can issue ROAs for all the IP address spaces. They don't as a matter of coordinated operations, but that doesn't prevent court orders determining that to be done. 
> 
> 
> Rubens
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200421/d6fd8c86/attachment.html>


More information about the NANOG mailing list