home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
X-Original-To: nanog@nanog.org From: John Curran <jcurran@arin.net> To: Alex Band <alexb@ripe.net> Date: Sat, 6 Dec 2014 18:26:05 +0000 In-Reply-To: <D37733D0-86E9-4F22-9502-515DC48566A8@ripe.net> Cc: North American Network Operators' Group <nanog@nanog.org> Errors-To: nanog-bounces@nanog.org On Dec 6, 2014, at 3:27 AM, Alex Band <alexb@ripe.net> wrote: >=20 > If ARIN (or another other RIR) went offline or signed broken data, all si= gned prefixes that previously has the RPKI status "Valid", would fall back = to the state "Unknown", as if they were never signed in the first place. Th= e state would NOT be "Invalid".=20 Alex -=20 Depends on the nature of the error... In cases of overclaiming, the current validation algorithm could result in "Invalid". This could happen, for example, if major ISP were to initiate transfer of some number resources to their business unit in another region, and then fail locally to swing to certs with the reduced resource=20 list in a timely manner... All of the remaining prefixes in the existing cert would be deemed "invalid" and that could easily result in some very significant disruption for those validating w/RPKI. (i.e. as noted in <draft-ietf-sidr-rpki-validation-reconsidered-00>) FYI, /John John Curran President and CEO ARIN
home | help | back | first | fref | pref | prev | next | nref | lref | last | post |