bogdancyber via routing-wg wrote on 30/01/2026 23:32:
And the problem is that today's security in BGP is more reactive, it
comes into play only after the attack is detected and damage is done.
So I leave you here the link to the zenodo site where I posted my
invention. https://zenodo.org/records/18421580
the premise here is that you analyse the propagation of routes with
covering ROAs, and score ASNs depending on whether they propagate them
or not. This is reasonable, and possibly useful.
You've made two assumptions that are problematic: 1. that RPKI is the
primary mechanism for blocking propagation of unauthorised announcements
and 2. that a transiting network which implements RPKI is "safe, strict,
and hard to abuse as a hijack-source". Neither of these are particularly
true: IRRDB data still forms the primary front-line at the internet's
edge, and ROAs will not stop anyone from hijacking a prefix if they can
spoof the originating ASN.
Nick
-----
To unsubscribe from this mailing list or change your subscription options,
please visit: https://mailman.ripe.net/mailman3/lists/routing-wg.ripe.net/
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://www.ripe.net/membership/mail/mailman-3-migration/
