nanog mailing list archives
Re: "Is BGP safe yet?" test
From: Warren Kumari <warren () kumari net>
Date: Wed, 22 Apr 2020 14:15:01 -0400
On Wed, Apr 22, 2020 at 11:45 AM Danny McPherson <danny () tcb net> wrote:
On 2020-04-21 12:36, Rubens Kuhl wrote:On Tue, Apr 21, 2020 at 1:10 PM Matt Corallo via NANOG <nanog () nanog org> wrote:That’s an interesting idea. I’m not sure that LACNIC would want to issue a ROA for RIPE IP space after RIPE issues an AS0 ROA, though. And you’d at least need some kind of time delay to give other RIRs and operators and chance to discuss the matter before allowing RIPE to issue the AS0 ROA, eg in my example mitigation strategy.All 5 RIRs can issue ROAs for all the IP address spaces. They don't as a matter of coordinated operations, but that doesn't prevent court orders determining that to be done.Or a miscreant. [insert-least-favorite-rir] is now part of your attack surface.
Or a slip of the keyboard / software ooops / mistake -- but, in spite of this, I think that RPKI / ROAs / ROV is a good thing; as with everything, this is an engineering trade off, and to me this feels well worth it... I do think that CloudFlare does some great things for the Internet - they've moved DNSSEC forward immensely, significantly increased the adoption of HTTPS/TLS, the OctoRPKI/GoRTR stuff is nice and easy, their hosted RPKI cache, etc -- but their marketing pushes like this feel overly aggressive. W
-danny
-- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
Current thread:
- Re: "Is BGP safe yet?" test, (continued)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Sander Steffann (Apr 21)
- Re: "Is BGP safe yet?" test Baldur Norddahl (Apr 21)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 21)
- Re: "Is BGP safe yet?" test Alex Band (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Rubens Kuhl (Apr 21)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Warren Kumari (Apr 22)
- Re: "Is BGP safe yet?" test Matt Corallo via NANOG (Apr 21)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 22)
- Re: "Is BGP safe yet?" test Danny McPherson (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Christopher Morrow (Apr 22)
- Re: "Is BGP safe yet?" test Andrey Kostin (Apr 23)