> On Sep 18, 2018, at 12:09 PM, Jared Mauch <[email protected]> wrote:
>
>
>
>> On Sep 18, 2018, at 3:04 PM, Owen DeLong <[email protected]> wrote:
>>
>>
>>
>>> On Sep 18, 2018, at 11:06 AM, Christopher Morrow <[email protected]>
>>> wrote:
>>>
>>>
>>>
>>> On Tue, Sep 18, 2018 at 10:36 AM Job Snijders <[email protected]> wrote:
>>> Owen,
>>>
>>> On Tue, Sep 18, 2018 at 10:23:42AM -0700, Owen DeLong wrote:
>>>> Personally, since all RPKI accomplishes is providing a
>>>> cryptographically signed notation of origin ASNs that hijackers should
>>>> prepend to their announcements in order to create an aura of
>>>> credibility, I think we should stop throwing resources down this
>>>> rathole.
>>> I think you underestimate how valuable RPKI based Origin Validation
>>> (even just by itself) is in today's Internet landscape.
>>>
>>> If you are aware of other efforts or more fruitful approaches please let
>>> us know.
>>>
>>>
>>> Perhaps said another way:
>>>
>>> "How would you figure out what prefixes your bgp peer(s) should be sending
>>> you?"
>>> (in an automatable, and verifiable manner)
>>>
>>> -chris
>>
>> In theory, that’s what IRRs are for.
>>
>> In practice, while they offer better theoretical capabilities if stronger
>> authentication were added, the current implementation and acceptance leaves
>> much to be desired.
>
> Judging a global ecosystem just by what ARIN does is perhaps some of the
> issue. ARIN seems to be the outlier here as has been measured. An ARIN
> prefix ROA is less valuable than the other regions and this is IMO deliberate
> on the part of ARIN.
>
>> However, even in theory, RPKI offers nothing of particular benefit even in
>> its best case of widespread implementation.
>
> Disagree, but that’s ok. I know at $dayJob I’m preparing the way, but it’s
> much harder than it should be due to the nature of our business.
>
> - Jared
What does RPKI offer other than a way to know what to spoof in a prepend for
your forged announcement?
Owen
