> On Sep 15, 2022, at 22:04 , Rubens Kuhl <[email protected]> wrote: > > On Fri, Sep 16, 2022 at 12:45 PM William Herrin <[email protected] > <mailto:[email protected]>> wrote: >> >> On Thu, Sep 15, 2022 at 9:09 PM Rubens Kuhl <[email protected]> wrote: >>> On Fri, Sep 16, 2022 at 11:55 AM William Herrin <[email protected]> wrote: >>>> No, the best option for me right now is that I just don't participate >>>> in RPKI and the system has one less participant. And that's a shame. >>> >>> That's only true in the current environment where RPKI is only used to >>> invalidate bogus routes. When any reachability for RPKI-unknowns is >>> lost, that will change. >> >> Hi Rubens, >> >> If you want to bet me on folks ever deciding to discard RPKI-unknowns >> down in the legacy class C's I'll be happy to take your money. > > I don't think people will look at even the class, and definitively not > to legacy or non-legacy partitions. > They will either drop it all, or not drop it at all. > > Note that when the only IP blocks that spammers and abusers can inject > in the system are non-signed ones, those blocks will get bad > reputations pretty fast. So the legacy holders use case for RPKI might > come sooner than you think.
Nah… Because the reputations will still be the individual /24s and while lots of /24s around mine have bad reputations, mine doesn’t and never has (modulo a couple of administrative errors that were on me and legitimately my fault, not actual spammers). > >> Anyway, the risk/reward calculation for NOT signing the LRSA right now >> is really a no-brainer. It's just unfortunate that means I won't get >> an early start on RPKI. > > Discarding RPKI-invalids is something you can do right now and that > doesn't come with a price tag. Good BCP38 and RPKI-invalid hygiene is > the thankless gift you can give to the community. Yes, but I think that RPKI unknowns are never going to be something that can be safely dropped and 90% of RPKI invalids so far seem to be people making RPKI mistakes with their legitimate announcements. The more I look at RPKI, the more it looks like a lot of effort with very little benefit to the community. YMMV Owen
