Hi, On Sun, Nov 03, 2019 at 07:12:54PM +0300, Alexander Azimov wrote: > Let discuss the next scenario: there are two prefixes: x.x.0.0/24 and > x.x.1.0/24, first one assigned to an ISP, second - unallocated. The > proposal suggests that RIPE should create ROA with AS0 for x.x.1.0/24. Will > it stop an attacker from squatting this address space? > > The answer will be No. An attacker will still be able to hijack x.x.0.0/23, > which will have an 'unknown' status and will be passed on, as a result > finally capturing traffic for x.x.1.0/24.
This is unfortunate. But indeed, it would make this change far less
effective for the cases I had in mind.
So I am reconsidering and joining the "it might be somewhat beneficial,
but there are more important RPKI things to fix" camp.
Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?
SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
signature.asc
Description: PGP signature
