[176618] in North American Network Operators' Group

Re: ARIN's RPKI Relying agreement

daemon@ATHENA.MIT.EDU (Randy Bush)
Fri Dec 5 20:51:58 2014

X-Original-To: nanog@nanog.org
Date: Sat, 06 Dec 2014 03:27:48 +0900
From: Randy Bush <randy@psg.com>
To: Nick Hilliard <nick@foobar.org>
In-Reply-To: <5481E4B3.6010607@foobar.org>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

>>> rpki might work at scale.
>> ohhh noooooooooo!
> 
> rtconfig + prefix lists were never going to work at scale, so rpsl based
> filters were mostly only ever deployed on asn edges rather than dfz core
> inter-as bgp sessions.  This meant that the damage that a bad update might
> cause would be relatively limited in scope.  RPSL's scaling limitations do
> not apply to rpki, so in theory the scope for causing connectivity problems
> is a good deal greater.  So if e.g. ARIN went offline or signed some broken
> data which caused Joe's Basement ISP in Lawyerville to go offline globally,
> you can probably see why ARIN would want to limit its liability.

if it works, it is scary and must be stopped!  and arin is doing such a
great job of that.

randy