Last night during the SIDR session, I made the suggestion that a matching profile should exist for an AS to say what prefixes it intended to announce. While having matching entries from this proposed profile and the ROA may help prevent some malicious announcements with spoofing the origin AS, I think we are better served by having stronger prefix length control in the ROA.
Thus I'd like to withdraw the suggestion for an originating AS profile. I'd like to express support for the ROA format including prefix-length ranges. Going back to our YouTube hijack example, if YouTube limited the length of the originating prefix length this mitigates the effects of hijacking of more specific prefixes than are present in the ROA. Viable path validation would likely cover more of these cases. YouTube's AS was likely not adjacent to PCCW's. I believe that SIDR should provide a profile that covers viable paths.

-- Jeff
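The prefix-length argument in the message above, as an added example that is not part of the original message: a small Python route origin check using the matching rule later standardized in RFC 6811, with a ROA modeled as (prefix, maximum length, origin AS). The prefixes and AS numbers are constructed from documentation ranges, and the names `ROA` and `validate` are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class ROA(NamedTuple):
    prefix: ipaddress.IPv4Network  # or IPv6Network
    max_length: int                # longest announcement the holder authorizes
    origin_as: int


def validate(announced: str, origin_as: int, roas: list[ROA]) -> str:
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(announced)
    covered = False
    for roa in roas:
        # A ROA is relevant only if its prefix covers the announced route.
        if route.version != roa.prefix.version or not route.subnet_of(roa.prefix):
            continue
        covered = True
        # Match needs the authorized origin AND a length within the bound.
        if origin_as == roa.origin_as and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but matched by none: reject. No covering ROA: unknown.
    return "invalid" if covered else "not-found"


# Constructed sample data: AS64496 holds 192.0.2.0/24, AS64511 is the hijacker.
TIGHT = [ROA(ipaddress.ip_network("192.0.2.0/24"), 24, 64496)]
LOOSE = [ROA(ipaddress.ip_network("192.0.2.0/24"), 25, 64496)]

if __name__ == "__main__":
    cases = [
        ("legitimate /24", "192.0.2.0/24", 64496, TIGHT),
        ("more-specific, hijacker's own AS", "192.0.2.128/25", 64511, TIGHT),
        ("more-specific, forged origin, tight ROA", "192.0.2.128/25", 64496, TIGHT),
        ("more-specific, forged origin, loose ROA", "192.0.2.128/25", 64496, LOOSE),
        ("same length, forged origin", "192.0.2.0/24", 64496, TIGHT),
        ("prefix with no ROA", "198.51.100.0/24", 64511, TIGHT),
    ]
    for label, prefix, asn, roas in cases:
        print(f"{label:42} {validate(prefix, asn, roas)}")
```

The "same length, forged origin" case still returns valid, since an origin check sees only the prefix and the origin AS, not the path the announcement travelled.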
