Owen, You are correct in that RPKI leaves many problems unsolved.
One that it does solve is prefix splitting. If I issue a ROA for prefix 10.1.2.0/23, any announcement of 10.1.2.0/24 (including mine) will be declared INVALID, because that announcement is covered by the ROA and the mask length is longer than maxlen. Of course, as you rightly point out, if I do NOT announce that prefix myself, then anyone is free to announce it anywhere and have it declared VALID just by prepending my ASN. Regards, Jakob. -----Original Message----- Date: Tue, 18 Sep 2018 14:18:55 -0700 From: Owen DeLong <[email protected]> What does RPKI offer other than a way to know what to spoof in a prepend for your forged announcement?
