On 03/05/2013 19:08, Christopher Morrow wrote:
> hopefully it won't involve people being brave :) hopefully good measurement
> and metrics lead us to a position where things 'just work' and we can do it
> with confidence! :)

Dropping prefixes means that you're ok about not having reachability to a prefix if its ROA pops up as "unknown". This could be because the prefix holder hasn't bothered to register their prefix in the RPKI (i.e. sloppiness), or it could be because the ROA has been revoked for some reason (e.g. because of hijacking). For sure, a router can't tell the difference.

From a deployment point of view, there's a pretty big gap between poking around with RPKI and actually dropping prefixes on your routers. I don't see that the RPKI data will be good enough for the latter any time soon, but maybe one day.

Nick
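
Added example, not part of the original message: a small Python model of RFC 6811 route origin validation showing that a prefix with no ROA and a prefix whose only ROA was revoked end up in the same state (NotFound in RFC 6811, the "unknown" of the message above). The prefixes, ASNs, VRP lists and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and documentation ASNs).
# Each VRP (validated ROA payload) is (prefix, max_length, origin_asn).
VRPS = [("192.0.2.0/24", 24, 64496), ("198.51.100.0/24", 24, 64497)]
# Same set after the ROA for 198.51.100.0/24 has been revoked.
VRPS_AFTER_REVOCATION = [v for v in VRPS if v[0] != "198.51.100.0/24"]

ROUTES = [
    ("192.0.2.0/24", 64496),     # matches its ROA
    ("192.0.2.0/24", 64511),     # covered by a ROA, wrong origin
    ("198.51.100.0/24", 64497),  # holder's ROA gets revoked
    ("203.0.113.0/24", 64500),   # holder never registered a ROA
]

def validate(prefix, origin_asn, vrps):
    """Return the RFC 6811 state: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue  # this VRP does not cover the route
        covered = True
        if asn == origin_asn and asn != 0 and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def accepted(routes, vrps, drop_states):
    """Routes that survive a policy dropping the given validation states."""
    return [r for r in routes if validate(r[0], r[1], vrps) not in drop_states]

if __name__ == "__main__":
    for prefix, asn in ROUTES:
        print(prefix, asn, validate(prefix, asn, VRPS),
              "->", validate(prefix, asn, VRPS_AFTER_REVOCATION))
    strict = accepted(ROUTES, VRPS_AFTER_REVOCATION, {"invalid", "not-found"})
    print("kept when dropping invalid and not-found:", strict)
```
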