----- Original Message ----- > From: "William Herrin" <b...@herrin.us>
> So, you represent to your ISP that you're authorized to use a certain > range of addresses. He represents to his upstream that he's authorized > to use them on your behalf, and so on. The former is a first-hand transaction: if you're lying to your edge carrier, he can cut you off with no collateral damage. The latter, though, is arms-length, *and* has no reasonable way to be implemented that I can see without extending whatever OAM&P system that carrier has atop their gear. > The reliability of these representations obviously falls at they grow > distant from the source. So what? That's a problem for RPKI. The > problem we need concern ourselves with is dropping packets whose > source addresses are inconsistent with our customer's _representation_ > of the addresses he's authorized to originate, however reliable or > unreliable that representation may turn out to be. That's great, but that's a couple orders of magnitude of added complexity that, quite frankly Bill, I can't sell just now. :-) Worse (to bring this ontopic for NANOG): that complexity needs to live *inside routers*, unless I'm very much mistaken. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274