RPKI unknown for superprefixes of existing ROA ?
William Herrin
bill at herrin.us
Sun Oct 22 16:27:34 UTC 2023
On Sun, Oct 22, 2023 at 9:10 AM William Herrin <bill at herrin.us> wrote:
> In essence, this means that a ROA to AS0 doesn't work as intended.
Let me ground it a bit:
He's saying that someone could come along and advertise 0.0.0.0/1 and
128.0.0.0/1 and by doing so they'd hijack every unrouted address block
regardless of the block's ROA.
RPKI is unable to address this attack vector.
Regards,
Bill Herrin
--
William Herrin
bill at herrin.us
https://bill.herrin.us/
More information about the NANOG
mailing list