[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reaching out to ARIN members about their RPKI INVALID prefixes
> On Sep 19, 2018, at 00:46 , nusenu <nusenu-lists at riseup.net> wrote:
> Owen DeLong:
>> Personally, since all RPKI accomplishes is providing a
>> cryptographically signed notation of origin ASNs that hijackers
>> should prepend to their announcements in order to create an aura of
>> credibility, I think we should stop throwing resources down this
> regardless of how one might think about RPKI, there are ROAs out
> there that reduce the visibility/reachability of certain prefixes and the
> general assumption is that announced prefixes would like to be reachable
> even if the operator doesn't care about RPKI and ROAs from the past anymore, he most likely cares
> about reachability from a pure operational point of view.
Yepâ?¦ And the easy recipe for one which doesnâ??t care about RPKI to restore reachability is â??delete the ROAsâ??.
> my email was not about: "How much does one like RPKI?â??
I have no impression that it was.
I thought it was about â??Should we consume more RIR resources dealing with this additional pain likely to be caused by RPKI?â??
> it is about whether it is acceptable that RIRs (and more specifically ARIN in this mailing list's context)
> notify affected parties of their prefixes that suffer from stale ROAs.
I agree with Mr. Morrow that this would end in pain.
> Even if one dislikes RPKI entirely the opinion could still be "yes notifying those parties makes sense
> to restore reachabilityâ??.
Agreed. However, whether I liked RPKI or not, Iâ??d still say that notification by the RIRs is prone
to sadness. My initial intent was merely to state that I prefer the RIRs not waste additional
resources on this, including notification.