On Mar 11, 2008, at 12:00 PM, Sandra Murphy wrote:

> I understand that the effect of RIRs on routing will be more
> apparent, but I don't understand saying they have no impact today.

They don't actually 'route' anything.

> For RIRs whose database is a comingled resource and routing database
> (e.g., RIPE),

That's different, that's IRRs, not RIRs.

> a billing dispute can affect the RIPE IRR which many people use in
> routing operations. And the whois is also frequently consulted in
> making routing decisions.

What? Can you explain what you mean here? Do you mean someone looks at whois before announcing a route? That's WAY different than an RIR revoking an allocation and explicitly triggering a withdraw from the routing system.

> And in any RIR, problems at the RIR level could lead to retraction
> of your prefix allocation and assignment to someone else. (Recall
> the social engineering prefix hijacking of a few years back.) That
> sounds to me like a pretty severe impact on what gets routed.

Yeah, now imagine when operators have no control over this, the attack surface just gained a new dimension. But I would state that today that system flow is not automated.

> So this might look new, but I don't see that the risk is larger.

Build a threat matrix and add an RIR that now has revocation capabilities that explicitly impact global reachability of a given prefix. That does NOT exist today.

> Of course, there's always the "the relying parties choose what
> importance to place on the RPKI" caveat.

Yes, but what's changed is that peers are now relying on it as well, and therefore may not accept my routes. That's never been in the mix before.

-danny

_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
