> RPKI in its current form provides an insulation layer which stops
> certain types of misorigination problems and mitigates others, but has
> almost no impact on the wider question of policy routing.
>
> RPKI also works quite well from the point of view of incremental
> deployment, i.e. it's not necessary to aim for universal or
> near-universal adoption.
>
> Policy routing is difficult. We tried to fix it years ago with RPSL
> and that failed. There have been several attempts to look at this
> since then but they've all floundered because it's a fundamentally
> complex problem which involves a lot of different areas including
> policy management, i.e. codification of human judgement; deployment
> of this policy to networking equipment which doesn't have the hooks to
> implement this at scale; how to accurately model a routing policy
> right down to igp / egp interaction so that you have a balance between
> enough scope to describe routing policy at a per-router,
> per-peer-address, per prefix level, but at the same time not making it
> so complex that people would be scared away from implementing it
> reasonably; and many other things.
>
> RPKI aims to address some specific problems relating to mis-routing -
> cherry picking, if you will - and to provide a 90% solution for those
> problems.
just in case anybody is wondering, i think nick is about right here except, i think the above is actually about rpki-based origin validation, aka rov, not the rpki, which is a database

randy
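The distinction drawn in the reply above, as an added example that is not from either poster: the RPKI supplies data (here a list of validated ROA payloads, VRPs), and ROV is the RFC 6811 procedure a router runs over that data for each announcement. The function name `rov_state` is hypothetical, and the prefixes and ASNs are constructed from documentation ranges.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max_length, origin ASN).
# Documentation prefixes and private-use ASNs; not real routing data.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("192.0.2.0/24", 24, 64503),   # a second authorised origin for the same prefix
    ("2001:db8::/32", 40, 64502),  # more-specifics allowed down to /40
]


def rov_state(prefix, origin_asn, vrps=VRPS):
    """Classify one announcement per RFC 6811: valid, invalid or not-found.

    Only the prefix and the origin AS are examined. Nothing about the rest
    of the AS path or about routing policy is checked.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if the route is equal to or inside its prefix.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # Match: length within maxLength and same origin. AS 0 never matches.
        if vrp_asn != 0 and route.prefixlen <= max_len and origin_asn == vrp_asn:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    # Covered by no VRP at all: not-found, which is why partial deployment works.
    return "invalid" if covered else "not-found"


if __name__ == "__main__":
    for pfx, asn in [
        ("192.0.2.0/24", 64500),       # authorised origin
        ("192.0.2.0/24", 64501),       # wrong origin
        ("192.0.2.0/25", 64500),       # right origin, longer than maxLength
        ("2001:db8:100::/40", 64502),  # more-specific within maxLength
        ("203.0.113.0/24", 64500),     # no covering VRP
    ]:
        print(f"{pfx:20} AS{asn}: {rov_state(pfx, asn)}")
```
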