> As Randy points out, this is not unique to SIDR-defined RPKI. It is
> applicable to any top-down hierarchical authorization mechanism.
> Security has (non-monetary) costs.
as this derives from address space ownership's dependence on the current
hierarchic administrative allocation model, to fix
On 28/04/2012 14:04, Alex Band wrote:
> At RIPE 63, six months ago, the RIPE NCC membership got a chance to vote
> on RPKI at the general meeting. The result was that the RIPE NCC has the
> green light to continue offering the Resource Certification service,
> including all BGP Origin Validation re
On 29 Apr 2012, at 22:03, David Conrad wrote:
> Alex,
>
> On Apr 29, 2012, at 8:16 AM, Alex Band wrote:
>> All in all, for an RPKI-specific court order to be effective in taking a
>> network offline, the RIR would have to tamper with the registry, inject
>> false data and try to make sure it's
On 29/04/2012 16:16, Alex Band wrote:
> All in all, for an RPKI-specific court order to be effective in taking a
> network offline, the RIR would have to tamper with the registry, inject
> false data and try to make sure it's not detected so nobody applies a
> local override.
You mean, like an FBI
Alex,
On Apr 29, 2012, at 8:16 AM, Alex Band wrote:
> All in all, for an RPKI-specific court order to be effective in taking a
> network offline, the RIR would have to tamper with the registry, inject false
> data and try to make sure it's not detected so nobody applies a local
> override.
I s
On Sun, 29 Apr 2012, Stephane Bortzmeyer wrote:
> > How does this interact with the presence of certificates for
> > supernets, though? That is, suppose an ISP creates a legitimate ROA
> > for 12.0.0.0/8, after ensuring that all of its customers have
> > legitimate ROAs for the various subnet
On Sun, Apr 29, 2012 at 11:28:58AM -0400,
Jennifer Rexford wrote
a message of 37 lines which said:
> How does this interact with the presence of certificates for
> supernets, though? That is, suppose an ISP creates a legitimate ROA
> for 12.0.0.0/8, after ensuring that all of its customers ha
> Thus, removing a certificate or ROA *does NOT* result in an RPKI INVALID
> route announcement; the result is RPKI UNKNOWN.
Which is fine until UNKNOWNs are no longer permitted, a logical next
step. It may not apply globally, initially perhaps just a US anti
terrorist measure requiring all networ
On Sun, 29 Apr 2012 10:30:37 -0400, Abdelkader Chikh Daho said:
> I wan to ask for your feedback about these two devices : Juniper MX960
> with SCB-E and Cisco AS9k with RSP400.
They both work well in some situation, and totally fail in others. It would
help
if you gave more detail what problem
>> the worry in the ripe region and elsewhere is what i call the 'virginia
>> court attack', also called the 'dutch court attack'. some rights holder
>> claims their movie is being hosted in your datacenter and they get the
>> RIR to jerk the attestation to your ownership of the prefix or your RO
On 28 Apr 2012, at 21:28, Phil Regnauld wrote:
> Rubens Kuhl (rubensk) writes:
>>> In case you feel a BGP announcement should not be "RPKI Invalid" but
>>> something else, you do what's described on slide 15-17:
>>>
>>> https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf
>>
>> The
Hi everyone,
I wan to ask for your feedback about these two devices : Juniper MX960
with SCB-E and Cisco AS9k with RSP400.
Best regards,
--
Abdelkader Chikh Daho
Network Architect
iWeb Technologies
Email : achikhd...@iweb.com
Web : www.iweb.com
Tel : 514-286-4242 ext 2309
12 matches
Mail list logo