> Loss of a ROA (e.g. due to an attack on the RPKI system) does not
> cause a _reachability event_ if folks are using best practices for
> route precedence; that's what was implied in the paper and is wrong.
> Successful attacks against the RPKI system do have an impact, but it
> is simply that you are again vulnerable to route hijacking.

How often do you think an attacker would bother with taking out a ROA without taking out the route as well? But this misses the larger point --if the ROAs are supposed to provide security, then either:

1. Removing the ROAs is a problem in terms of increased risk, which is a problem which needs to be addressed.

-OR-

2. Removing the ROAs isn't a problem, in which case we have to ask --why bother?

You're trying to have your cake and eat it too. ROAs are important unless they're not important, and you can't tell the difference by looking at the RPKI system itself.

:-)

Russ

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
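
Added example, not part of the original message or of any RPKI implementation: a minimal RFC 6811 route origin validation check run with a ROA present and then with it removed, the two cases this thread argues about. The prefix, the AS numbers and the prefer-valid/drop-invalid policy are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation prefix (RFC 5737) and ASNs (RFC 5398).
VRPS = [("192.0.2.0/24", 24, 64496)]   # (ROA prefix, max length, origin AS)
LEGIT = ("192.0.2.0/24", 64496)        # announcement by the ROA holder
OTHER = ("192.0.2.0/24", 64511)        # same prefix from an unauthorized origin


def validate(route, vrps):
    """Return the RFC 6811 validation state of one (prefix, origin AS) route."""
    prefix, origin = ipaddress.ip_network(route[0]), route[1]
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if prefix.version != vrp_net.version or not prefix.subnet_of(vrp_net):
            continue                    # this VRP does not cover the route
        covered = True
        if asn == origin and prefix.prefixlen <= max_len:
            return "valid"
    # Covered but never matched -> invalid; no covering VRP at all -> notfound.
    return "invalid" if covered else "notfound"


# Assumed local policy: prefer valid over notfound, drop invalid.
PREFERENCE = {"valid": 2, "notfound": 1}


def accepted(routes, vrps):
    """Routes that survive the policy, most preferred first (ties keep order)."""
    scored = []
    for route in routes:
        state = validate(route, vrps)
        if state in PREFERENCE:
            scored.append((PREFERENCE[state], route))
    return [route for _, route in sorted(scored, key=lambda item: -item[0])]


if __name__ == "__main__":
    for label, vrps in (("ROA present", VRPS), ("ROA removed", [])):
        states = {r: validate(r, vrps) for r in (LEGIT, OTHER)}
        print(label, states, "accepted:", accepted([OTHER, LEGIT], vrps))
```

With the ROA removed both announcements are `notfound`, so the legitimate route is still accepted, but origin validation no longer separates it from the unauthorized one and ordinary BGP path selection decides between them.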
