nanog mailing list archives
Re: "Is BGP safe yet?" test
From: Matt Corallo via NANOG <nanog () nanog org>
Date: Tue, 21 Apr 2020 09:44:32 -0700
Sure. This kinda falls under my point that we should be talking about basic mitigation, then. I’m not aware of any previous discussion of creating policy that instructs RIRs to do so. Again, with a basic step like that, plus a validator-enforced time delay between when a RIR can remove a ROA for some IP space and when it can be replaced, RPKI would be drastically de-risked. Once you start going down that road, there would be way more desire on the part of OFAC and other small committees to enforce policy using other levers.
On Apr 21, 2020, at 09:36, Rubens Kuhl <rubensk () gmail com> wrote: On Tue, Apr 21, 2020 at 1:10 PM Matt Corallo via NANOG <nanog () nanog org> wrote: That’s an interesting idea. I’m not sure that LACNIC would want to issue a ROA for RIPE IP space after RIPE issues an AS0 ROA, though. And you’d at least need some kind of time delay to give other RIRs and operators and chance to discuss the matter before allowing RIPE to issue the AS0 ROA, eg in my example mitigation strategy.All 5 RIRs can issue ROAs for all the IP address spaces. They don't as a matter of coordinated operations, but that doesn't prevent court orders determining that to be done. Rubens
Current thread:
- Re: "Is BGP safe yet?" test, (continued)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 20)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 20)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Sander Steffann (Apr 21)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 21)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 21)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Rubens Kuhl (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Warren Kumari (Apr 22)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 22)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)