> I agree with John's observations. We need to stop making the statement
> "no roa == no route", because it's simply not true.

There's something I probably don't understand here...

1. SIDR's ROA/RPKI infrastructure is designed to provide security for
route origination.

2. Security for route origination means that you shouldn't be able to
advertise routes unless someone in the infrastructure (other than you)
has stated (publicly through a signed certificate) "this is a valid route."

3. But... If there's no certificate for a route, it's perfectly fine to
advertise it and route to it.

It seems, to me, that if the RPKI can't be used to actually validate who
owns what route with certainty, we're going to a lot of trouble for
nothing... Or maybe folks are trying to have their cake and eat it too.
"We'll provide solid security which you can ignore if you like, no
problem."

I know this goes back to the difference between "unknown," and
"invalid," but if all address space which no-one actually claims is open
for whatever use anyone wants, then are we really making any progress in
any meaningful way?

Just a thought...

:-)

Russ
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
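
An added example, not part of the message above: the three outcomes the thread is arguing about ("valid", "invalid", "unknown"), computed with the origin-validation procedure from RFC 6811, which names the last state NotFound. The ROA entries, prefixes and AS numbers are constructed from documentation ranges, and the `accept` policy switch is a hypothetical illustration of the "no ROA == no route" reading versus rejecting only invalid routes.

```python
import ipaddress
from typing import NamedTuple


class ROAEntry(NamedTuple):
    prefix: str       # prefix the holder authorised
    max_length: int   # longest more-specific allowed
    asn: int          # authorised origin AS


# Constructed sample data (documentation prefixes and AS numbers).
ROAS = [
    ROAEntry("192.0.2.0/24", 24, 64496),
    ROAEntry("2001:db8::/32", 48, 64497),
]


def validate_origin(route: str, origin_asn: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'unknown' (RFC 6811: NotFound)."""
    net = ipaddress.ip_network(route)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # Only ROAs of the same family whose prefix covers the route count.
        if roa_net.version != net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 in a ROA never matches any origin.
        if roa.asn != 0 and roa.asn == origin_asn and net.prefixlen <= roa.max_length:
            return "valid"
    # Covered but no match is 'invalid'; no covering ROA at all is 'unknown'.
    return "invalid" if covered else "unknown"


def accept(state: str, strict: bool = False) -> bool:
    """Hypothetical policy switch: strict=True models 'no ROA == no route'."""
    return state == "valid" or (state == "unknown" and not strict)


if __name__ == "__main__":
    for route, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                       ("192.0.2.0/25", 64496), ("203.0.113.0/24", 64511)]:
        state = validate_origin(route, asn)
        print(route, asn, state, accept(state), accept(state, strict=True))
```

With the default policy, the uncovered 203.0.113.0/24 announcement is accepted from any origin, which is the gap point 3 of the message describes; `strict=True` rejects it along with every other prefix that has no ROA yet.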
