On 10/21/23 16:03, Amir Herzberg wrote:
> Hi Owen, Randy, Job and other NANOGers,
>
> I surely agree with you all that we shouldn't expect discarding of
> ROA-unknown `anytime soon' (or ever?). But I have a question: what
> about discarding ROA-unknowns for very large prefixes (say, /12), or
> for superprefixes of prefixes with announced ROAs? Or at least, for
> superprefixes of prefixes with ROA to AS 0?
>
> For motivation, consider the `superprefix hijack attack'. Operator has
> prefix 1.2.4/22, but announces only 1.2.5/24 and 1.2.6/24, with
> appropriate ROAs. To avoid abuse of 1.2.4/24 and 1.2.7/24, they also
> make a ROA for 1.2.4/22 with AS 0. Attacker now announces 1.2.0/20,
> and uses IPs in 1.2.4/24 and 1.2.7/24 to send spam etc. We introduced
> this threat and analyzed it in our ROV++ paper, btw (NDSS'21 I think -
> available online too of course).
>
> So: would it be conceivable that operators will block such 1.2.0/20 -
> since it's too large a prefix without ROA and in particular includes
> sub-prefixes with ROA, esp. ROA to AS 0?

The question is - who gets to decide how much space is "too large"?
"Too large" will most certainly be different for different networks.

If we try to get the RPKI to do things other than those for which it was
intended, which may be interpreted as "unreasonable control", we make the
case for those who think that is what it was destined to become.

Mark.
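
The validation outcome behind the question in this thread, as an added example that is not part of either message: RFC 6811 origin validation applied to the ROAs from the quoted scenario, plus a hypothetical `assess` helper that reports when a ROA-unknown announcement covers prefixes that do have ROAs. The origin ASNs 64500 and 64501 are constructed placeholders, and the prefixes are the thread's, written in full dotted form.

```python
import ipaddress

# ROAs from the quoted scenario: (prefix, maxLength, origin AS).
# AS 64500 is a constructed placeholder for the operator's AS.
ROAS = [
    ("1.2.5.0/24", 24, 64500),
    ("1.2.6.0/24", 24, 64500),
    ("1.2.4.0/22", 22, 0),  # AS 0 ROA: nobody may originate this space
]

def rov_state(prefix, origin, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers a route only when the route is equal to, or more
        # specific than, the ROA prefix. A less specific route is not covered.
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True
            if asn != 0 and asn == origin and net.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"

def roas_inside(prefix, roas=ROAS):
    """ROAs whose prefix is strictly more specific than the announcement."""
    net = ipaddress.ip_network(prefix)
    inside = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa[0])
        if (roa_net.version == net.version and roa_net != net
                and roa_net.subnet_of(net)):
            inside.append(roa)
    return inside

def assess(prefix, origin, roas=ROAS):
    """Hypothetical helper: ROV state plus the 'superprefix' signals."""
    inside = roas_inside(prefix, roas)
    return {
        "state": rov_state(prefix, origin, roas),
        "covers_roas": len(inside),
        "covers_as0": any(asn == 0 for _, _, asn in inside),
    }

if __name__ == "__main__":
    # AS 64501 is a constructed placeholder for the unauthorized origin.
    for pfx, asn in [("1.2.5.0/24", 64500), ("1.2.4.0/24", 64501),
                     ("1.2.0.0/20", 64501), ("1.2.16.0/20", 64501)]:
        print(pfx, asn, assess(pfx, asn))
```

The /20 comes back `not-found` because no ROA prefix contains it, so a router that drops only `invalid` routes accepts it; the `covers_roas` and `covers_as0` fields are the extra signal the quoted question proposes acting on, and whether to act on them is the local policy decision the reply raises.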