nanog mailing list archives
Re: ARIN's RPKI Relying agreement
From: John Curran <jcurran () arin net>
Date: Sat, 6 Dec 2014 18:26:05 +0000
On Dec 6, 2014, at 3:27 AM, Alex Band <alexb () ripe net> wrote:
If ARIN (or another other RIR) went offline or signed broken data, all signed prefixes that previously has the RPKI status "Valid", would fall back to the state "Unknown", as if they were never signed in the first place. The state would NOT be "Invalid".
Alex - Depends on the nature of the error... In cases of overclaiming, the current validation algorithm could result in "Invalid". This could happen, for example, if major ISP were to initiate transfer of some number resources to their business unit in another region, and then fail locally to swing to certs with the reduced resource list in a timely manner... All of the remaining prefixes in the existing cert would be deemed "invalid" and that could easily result in some very significant disruption for those validating w/RPKI. (i.e. as noted in <draft-ietf-sidr-rpki-validation-reconsidered-00>) FYI, /John John Curran President and CEO ARIN
Current thread:
- Re: ARIN's RPKI Relying agreement, (continued)
- Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Matthias Waehlisch (Dec 05)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Alex Band (Dec 06)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 06)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 05)
- Re: ARIN's RPKI Relying agreement Christopher Morrow (Dec 16)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 16)
- Re: ARIN's RPKI Relying agreement Rob Seastrom (Dec 04)
- Re: ARIN's RPKI Relying agreement Ca By (Dec 04)
- Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
- Re: ARIN's RPKI Relying agreement Jared Mauch (Dec 04)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
- Re: ARIN's RPKI Relying agreement Jared Mauch (Dec 04)