Reaching out to ARIN members about their RPKI INVALID prefixes

• Subject: Reaching out to ARIN members about their RPKI INVALID prefixes
• From: jheitz at cisco.com (Jakob Heitz (jheitz))
• Date: Thu, 20 Sep 2018 05:22:20 +0000

Owen,

You are correct in that RPKI leaves many problems unsolved.

One that it does solve is prefix splitting.
If I issue a ROA for prefix 10.1.2.0/23, any announcement of 10.1.2.0/24 (including mine) will be declared INVALID, because that announcement is covered by the ROA and the mask length is longer than maxlen.

Of course, as you rightly point out, if I do NOT announce that prefix myself, then anyone is free to announce it anywhere and have it declared VALID just by prepending my ASN.

Regards,
Jakob.

-----Original Message-----
Date: Tue, 18 Sep 2018 14:18:55 -0700
From: Owen DeLong <owen at delong.com>

What does RPKI offer other than a way to know what to spoof in a prepend for your forged announcement?

• Follow-Ups:
  • Reaching out to ARIN members about their RPKI INVALID prefixes
    • From: mlm at pixelgate.net (Mark Milhollan)

• Prev by Date: SAFNOG-4/EANOG/tzNOG: 4 Days To Go!
• Next by Date: Massive Price Increase for X-conns at Telehouse Chelsea, NYC
• Previous by thread: Reaching out to ARIN members about their RPKI INVALID prefixes
• Next by thread: Reaching out to ARIN members about their RPKI INVALID prefixes
• Index(es):
  • Date
  • Thread