Hi,

On Fri, Nov 14, 2014 at 04:18:30PM +0100, Wilfried Woeber wrote:
> For the RPKI stuff, again, there isn't a requirement for a second authentication
> token, iirc not even a *notification* to the AS ref.d, when an RoA is created.
> Anyone of you still thinks RPKI is going to be helpful here?
> Bah, it's just going to give another false impression of credibility + new vectors
> for errors and attacks.

I don't actually see what the problem with that is?
With route:/route6: objects, there is a risk of someone creating tons and
tons of route: objects with your AS in it, thus killing the prefix-filter-building
tool and/or the router being fed the prefix-list.
With RPKI there is no "list of prefixes announced by a given AS", so
that particular issue just does not exist (and the RPKI-to-router protocol
works on a prefix/AS pair basis, so it effectively does not matter *which*
AS is referenced, as *all* origin ASes are checked, not "just yours").
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
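
Added example, not part of the original message: a sketch of RFC 6811 route origin validation, showing that each route is checked as a prefix/origin-AS pair against the covering VRPs, so extra ROAs that name an AS for other prefixes do not change the result for that AS's existing routes. The VRP table, the prefixes and AS numbers, and the names `validate` and `noisy_vrps` are constructed for illustration.

```python
import ipaddress
from itertools import islice

# Constructed VRPs (prefix, max length, origin AS) using documentation
# prefixes and private-use AS numbers; AS64500 plays "your AS".
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def validate(prefix, origin_as, vrps=VRPS):
    """RFC 6811 origin validation for one (prefix, origin AS) pair."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_as in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # Only VRPs whose prefix covers the route are considered at all.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # AS 0 in a VRP never matches any route (RFC 6811).
        if vrp_as != 0 and vrp_as == origin_as and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def noisy_vrps(count=1000, asn=64500):
    """VRPS plus `count` constructed VRPs for other prefixes naming `asn`."""
    extra = islice(ipaddress.ip_network("10.0.0.0/8").subnets(new_prefix=24), count)
    return VRPS + [(str(net), 24, asn) for net in extra]

if __name__ == "__main__":
    routes = [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64500),
              ("192.0.2.0/24", 64511), ("203.0.113.0/24", 64500)]
    noisy = noisy_vrps()
    for prefix, asn in routes:
        print(prefix, asn, validate(prefix, asn), validate(prefix, asn, noisy))
```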
