nanog mailing list archives

Re: ARIN's RPKI Relying agreement

From: Nick Hilliard <nick () foobar org>
Date: Fri, 05 Dec 2014 17:00:35 +0000

On 05/12/2014 11:47, Randy Bush wrote:

and the difference is?

rpki might work at scale.


ohhh noooooooooo!


rtconfig + prefix lists were never going to work at scale, so rpsl based
filters were mostly only ever deployed on asn edges rather than dfz core
inter-as bgp sessions.  This meant that the damage that a bad update might
cause would be relatively limited in scope.  RPSL's scaling limitations do
not apply to rpki, so in theory the scope for causing connectivity problems
is a good deal greater.  So if e.g. ARIN went offline or signed some broken
data which caused Joe's Basement ISP in Lawyerville to go offline globally,
you can probably see why ARIN would want to limit its liability.

Nick

Current thread:

Re: ARIN's RPKI Relying agreement, (continued)
- - - Re: ARIN's RPKI Relying agreement Sandra Murphy (Dec 04)
    - Re: ARIN's RPKI Relying agreement Andrew Gallo (Dec 04)
    - Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
    - Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Matthias Waehlisch (Dec 05)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Alex Band (Dec 06)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 06)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 05)
    - Re: ARIN's RPKI Relying agreement Christopher Morrow (Dec 16)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 16)
    - Re: ARIN's RPKI Relying agreement Rob Seastrom (Dec 04)
    - Re: ARIN's RPKI Relying agreement Ca By (Dec 04)
    - Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 04)

(Thread continues...)