[128804] in North American Network Operators' Group
Re: Lightly used IP addresses
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Aug 16 12:45:56 2010
To: Joe Maimon <jmaimon@ttec.com>
In-Reply-To: Your message of "Mon, 16 Aug 2010 09:57:51 EDT."
<4C6943DF.4070702@ttec.com>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 16 Aug 2010 12:44:43 -0400
Cc: John Curran <jcurran@arin.net>,
North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1281977083_4155P
Content-Type: text/plain; charset=us-ascii
On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said:
> Kind of interesting to consider how a successful implementation of RPKI
> might change the rules of this game we all play in. I tried talking
> about that at ARIN in Toronto, not certain I was clear enough.
I'm not at all convinced this would help all that much. A PKI would allow
better verification of authentication - but how many providers currently have
doubts about who the other end of their BGP session is? I'm sure most of the
ones who care have already set up TCPMD5 and/or TTL hacks, and the rest
wouldn't deploy an RPKI.
The real problem is authorization - and the same people who don't currently
apply filtering of BGP announcements won't deploy a PKI.
So the people who care already have other tools to do most of the work, and
the ones who don't care won't deploy. Sure it may be nice and allow automation
of some parts of the mess, but I'm not seeing a big window here for it being
a game-changer.
If somebody has a good case for how it *will* be a game-changer, I'm all ears.
--==_Exmh_1281977083_4155P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFMaWr7cC3lWbTT17ARAt0zAKCLPxbs4ibe5Kl/CZrQcPO0ugdf4ACeJ3Sl
pTvKqNmb5m/dxczD07syhN0=
=/VEy
-----END PGP SIGNATURE-----
--==_Exmh_1281977083_4155P--
