Note that such certs could be issued by IANA even if each RIR is a "default" TA, and used by RP software as an independent check on the consistency of the RPKI TA certs issued by RIRs to themselves.

Steve,
Can you expand upon this comment?  Would this be a normal
model to operate or is there some offshoot?

Somewhat related...

Here's one of my issues with multiple RIRs being TAs.  Some
RIRs invest much more heavily in security than others, and NONE
currently have an operational role in routing on the Internet
(this talk of weekends, holidays, et al., illustrates the issue).

If someone were to launch a targeted attack they could first
compromise the least secure RIR (TA), and then they can do what
they wish and affect ANY resource, right?  Whereas, with a single
TA model, the attack surface would only involve a single RIR and
IANA up my validation path, is that correct?  What other factors
should be considered here?

What about security of the repository in a multi-TA model, are
there things that should be considered there?

-danny
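
Added example (not part of the thread, and not code from any RP implementation): a sketch of the consistency check mentioned in the quoted comment at the top of this message, where IANA-issued certs are compared against the TA certs the RIRs issue to themselves. It assumes the IP resource sets have already been extracted from both kinds of cert; the TA names and prefixes are constructed, and signature and path validation are out of scope.

```python
import ipaddress

# Constructed sample data using documentation prefixes, not real allocations.
# What the (hypothetical) IANA-issued certs attest for each RIR:
IANA_ATTESTED = {
    "RIR-A": ["192.0.2.0/24", "2001:db8::/33"],
    "RIR-B": ["198.51.100.0/24", "2001:db8:8000::/33"],
}
# What each RIR's self-issued TA cert claims. RIR-B claims all of IPv4,
# which is what a compromised or over-broad TA would look like to an RP.
TA_SELF_ISSUED = {
    "RIR-A": ["192.0.2.0/24", "2001:db8::/33"],
    "RIR-B": ["198.51.100.0/24", "0.0.0.0/0"],
}


def _collapsed(prefixes):
    """Parse prefixes and merge adjacent/nested ones, per address family."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version
        )
    return merged


def check_ta_consistency(ta_claims, iana_attested):
    """Return {ta_name: [claimed prefixes not covered by IANA's attestation]}.

    A TA that IANA has attested nothing for gets every claim flagged.
    """
    findings = {}
    for ta, claimed in ta_claims.items():
        attested = _collapsed(iana_attested.get(ta, []))
        uncovered = [
            str(c)
            for c in (ipaddress.ip_network(p) for p in claimed)
            # subnet_of() raises on mixed families, so compare versions first
            if not any(c.version == a.version and c.subnet_of(a) for a in attested)
        ]
        if uncovered:
            findings[ta] = uncovered
    return findings


if __name__ == "__main__":
    for ta, prefixes in check_ta_consistency(TA_SELF_ISSUED, IANA_ATTESTED).items():
        print(f"{ta}: TA cert claims resources IANA does not attest: {prefixes}")
```
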
