CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2024/12/02 07:55:02
Modified files:
usr.sbin/rpki-client: extern.h main.c output.c rpki-client.8
Log message:
If AS0 TALs are provided, by default omit VRPs derived from such AS0 TALs
AS0 TALs represent unmitigated operational risks: what if the RIR by
accident marks some IP space as 'unassigned'?
APNIC notes in their limitation of liability statement:
"""
Depending on router configuration, errors in the AS0 ROA could
cause unintended interruption to routing with other networks.
For this reason, it is strongly recommended that the AS0 ROA is
used for advisory and/ or alerting purposes only, and not for
automatic filtering of BGP routes.
"""
https://www.apnic.net/community/security/resource-certification/apnic-limitations-of-liability-for-rpki-2/
Guard usage of AS0 TALs behind new '-0' option
OK deraadt@ tb@
