On Wed, May 5, 2021 at 10:49 AM Randy Bush <ra...@psg.com> wrote: > > the web pki is not associated with ip address space control/ownership. > > web pki is based on control of domain name space. the two are quite > > unrelated. > > note that the rpsl, the inetnum: objects, are not well secured and > authenticated. this is a bit embarrassing. and, in some regions, > the lack of authentication is notorious. >
Okay, now we're getting somewhere. Do you say this because RPKI is not employed universally, or because the inetnum: objects are somehow not covered by RPKI? > hence the hack to use the well-authenticated rpki to sign those data > covered by it for those concerned with real authenticity. > How does a client know that an IP range specified in the geodata feed is valid under a given RPKI signature? I.e., that the given AS has authority over that IP range? Kyle
_______________________________________________ OPSAWG mailing list OPSAWG@ietf.org https://www.ietf.org/mailman/listinfo/opsawg
