On Jun 06, "Mullally, Ronan via connect-wg" <connect-wg@ripe.net> wrote:
> But if a bad actor manages to masquerade as somebody else’s ASN, > either directly or via ‘downstream’ routes then neither of the above > help. If anything there is a risk that if we blindly consider a route > that matches a route object / ROA to be beyond doubt we may be less > able to identify such actions. Of course, this is obvious. But we are trying to solve only one aspect of the problem: by not using anymore the unauthenticated IRRs we will have removed a whole class of possibile hijackings. For the others indeed other technologies will be needed. -- ciao, Marco
signature.asc
Description: PGP signature
_______________________________________________ connect-wg mailing list connect-wg@ripe.net https://lists.ripe.net/mailman/listinfo/connect-wg To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/connect-wg
