nanog mailing list archives

Re: ARIN's RPKI Relying agreement

From: Randy Bush <randy () psg com>
Date: Sat, 06 Dec 2014 03:27:48 +0900

rpki might work at scale.

ohhh noooooooooo!


rtconfig + prefix lists were never going to work at scale, so rpsl based
filters were mostly only ever deployed on asn edges rather than dfz core
inter-as bgp sessions.  This meant that the damage that a bad update might
cause would be relatively limited in scope.  RPSL's scaling limitations do
not apply to rpki, so in theory the scope for causing connectivity problems
is a good deal greater.  So if e.g. ARIN went offline or signed some broken
data which caused Joe's Basement ISP in Lawyerville to go offline globally,
you can probably see why ARIN would want to limit its liability.


if it works, it is scary and must be stopped!  and arin is doing such a
great job of that.


randy

Current thread:

Re: ARIN's RPKI Relying agreement, (continued)
- - - Re: ARIN's RPKI Relying agreement Andrew Gallo (Dec 04)
    - Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
    - Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Matthias Waehlisch (Dec 05)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
    - Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
    - Re: ARIN's RPKI Relying agreement Alex Band (Dec 06)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 06)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 05)
    - Re: ARIN's RPKI Relying agreement Christopher Morrow (Dec 16)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 16)
    - Re: ARIN's RPKI Relying agreement Rob Seastrom (Dec 04)
    - Re: ARIN's RPKI Relying agreement Ca By (Dec 04)
    - Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
    - Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
    - Re: ARIN's RPKI Relying agreement Jared Mauch (Dec 04)

(Thread continues...)