nanog mailing list archives
Re: ARIN's RPKI Relying agreement
From: Alex Band <alexb () ripe net>
Date: Sat, 6 Dec 2014 09:27:52 +0100
On 5 Dec 2014, at 18:00, Nick Hilliard <nick () foobar org> wrote: On 05/12/2014 11:47, Randy Bush wrote:and the difference is?rpki might work at scale.ohhh noooooooooo!So if e.g. ARIN went offline or signed some broken data which caused Joe's Basement ISP in Lawyerville to go offline globally, you can probably see why ARIN would want to limit its liability.
If ARIN (or another other RIR) went offline or signed broken data, all signed prefixes that previously has the RPKI status "Valid", would fall back to the state "Unknown", as if they were never signed in the first place. The state would NOT be "Invalid". What is the likelihood of Joe's Basement ISP being filtered by anyone because their BGP announcements are RPKI "Unknown", as if they weren't participating in the opt-in system? It seems as if the argumentation is built around "RIR messes up == ISPs go offline", but that isn't a realistic scenario IMO, because no operator in their right mind would drop prefixes with the state "Unknown". You could only realistically do that if all 550,000 Announcements in the DFZ are covered by a ROA. Not soon, if ever. -Alex
Current thread:
- Re: ARIN's RPKI Relying agreement, (continued)
- Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
- Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Matthias Waehlisch (Dec 05)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Nick Hilliard (Dec 05)
- Re: ARIN's RPKI Relying agreement Randy Bush (Dec 05)
- Re: ARIN's RPKI Relying agreement Alex Band (Dec 06)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 06)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 05)
- Re: ARIN's RPKI Relying agreement Christopher Morrow (Dec 16)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 16)
- Re: ARIN's RPKI Relying agreement Rob Seastrom (Dec 04)
- Re: ARIN's RPKI Relying agreement Ca By (Dec 04)
- Re: ARIN's RPKI Relying agreement George, Wes (Dec 04)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 04)
- Re: ARIN's RPKI Relying agreement Jared Mauch (Dec 04)
- Re: ARIN's RPKI Relying agreement John Curran (Dec 04)