nanog mailing list archives

Re: RPKI unknown for superprefixes of existing ROA ?

From: William Herrin <bill () herrin us>
Date: Sun, 22 Oct 2023 09:27:34 -0700

On Sun, Oct 22, 2023 at 9:10 AM William Herrin <bill () herrin us> wrote:

In essence, this means that a ROA to AS0 doesn't work as intended.


Let me ground it a bit:

He's saying that someone could come along and advertise 0.0.0.0/1 and
128.0.0.0/1 and by doing so they'd hijack every unrouted address block
regardless of the block's ROA.

RPKI is unable to address this attack vector.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

Current thread:

Re: Acceptance of RPKI unknown in ROV, (continued)
- - - Re: Acceptance of RPKI unknown in ROV Randy Bush (Oct 19)
    - Re: Acceptance of RPKI unknown in ROV Fearghas Mckay (Oct 19)
    - Re: Acceptance of RPKI unknown in ROV Randy Bush (Oct 19)
    - Re: Acceptance of RPKI unknown in ROV Dale W. Carder (Oct 20)
- RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 21)
  - Re: RPKI unknown for superprefixes of existing ROA ? Mark Tinka (Oct 21)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 21)
    - Re: RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)

(Thread continues...)