nanog mailing list archives
Re: "Is BGP safe yet?" test
From: Sander Steffann <sander () steffann nl>
Date: Tue, 21 Apr 2020 10:56:17 +0200
Hi,
Removing a resource from the certificate to achieve the goal you describe will make the route announcement NotFound, which means it will be accepted. Evil RIR would have to replace an existing ROA with one that explicitly makes a route invalid, i.e. issue an AS0 ROA for a specific member prefix. This seems like a pretty convoluted way to try and take a network offline.
I've seen worse…

Sander
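
The validation outcomes discussed in this message, as an added example that is not part of the original post: a minimal RFC 6811 route origin validation in Python. The prefix 198.51.100.0/24, AS64496 and the names `VRP`, `validate`, `accepted` and `scenarios` are constructed for illustration, and `accepted` assumes a router policy that drops only Invalid routes.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA payload: what a relying party extracts from a valid ROA."""
    prefix: str
    max_length: int
    asn: int

def validate(route_prefix, origin_asn, vrps):
    """Return 'Valid', 'Invalid' or 'NotFound' per RFC 6811."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route's prefix lies inside the VRP prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # AS0 can never match an origin, so an AS0 VRP only ever "covers".
        if vrp.asn != 0 and vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "Valid"
    return "Invalid" if covered else "NotFound"

def accepted(state):
    # Assumed policy: reject Invalid, accept Valid and NotFound.
    return state != "Invalid"

def scenarios():
    # Constructed data: documentation prefix and documentation ASN.
    route, origin = "198.51.100.0/24", 64496
    member_roa = VRP("198.51.100.0/24", 24, 64496)
    as0_roa = VRP("198.51.100.0/24", 24, 0)
    return {
        "member ROA present": validate(route, origin, [member_roa]),
        "resource removed, no ROA left": validate(route, origin, []),
        "member ROA replaced by AS0 ROA": validate(route, origin, [as0_roa]),
        "AS0 ROA added next to member ROA": validate(route, origin, [member_roa, as0_roa]),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name:35} {state:9} accepted={accepted(state)}")
```

The last scenario shows why the existing ROA has to be replaced rather than supplemented: any matching VRP keeps the route Valid even when an AS0 VRP also covers it.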