That could be attacked as well. Then we will have something to tell
that an entry exists for the table that tells that ROAs exist.

:)

What we probably need is something that flags that a Certificate
or a ROA has disappeared in the last X time. Then as operators we could
take the action to decide if this was an attack or a valid revocation.

        
Regards,
as

On 3/20/13 5:20 PM, Russ White wrote:
> 
>>> It seems, to me, that if the RPKI can't be used to actually validate who
>>> owns what route with certainty, we're going to a lot of trouble for
> >>> nothing... Or maybe folks are trying to have their cake and eat it too.
>>> "We'll provide solid security which you can ignore if you like, no
>>> problem."
>>
>> Routing policy has always been left to the local operator.  You suggest a 
>> change to a mandated global common policy.  I don't think that could ever 
>> fly with the operators.
> 
> Of course -- but clearly there is a difference between "not present," and
> "under attack," something the current RPKI codes don't take into account.
> 
>> So a flag day would be preferable, when everyone would be required to have 
>> certified their address space?
> 
> Since it's going to take 20 years to deploy anyway (according to various
> comments at the mic over the years, and on this and other lists)...
> 
> Or perhaps we need a way of telling whether something should have an
> entry or not.
> 
> :-)
> 
> Russ
> 
> 
> _______________________________________________
> sidr mailing list
> sidr@ietf.org
> https://www.ietf.org/mailman/listinfo/sidr
> 
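
An added example, not part of the original thread: one way to flag ROAs that have disappeared "in the last X time" is to compare periodic snapshots of the validated ROA payloads and report each missing entry together with the validation state its own prefix and origin AS now get ("not-found" versus "invalid"). The snapshot format, the names VRP, route_state and disappeared, and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_network

@dataclass(frozen=True)
class VRP:  # validated ROA payload: prefix, max length, origin AS
    prefix: str
    max_len: int
    asn: int

def route_state(vrps, prefix, asn):
    """Origin validation state of (prefix, asn) against a VRP set."""
    net = ip_network(prefix)
    covering = [v for v in vrps
                if ip_network(v.prefix).version == net.version
                and net.subnet_of(ip_network(v.prefix))]
    if not covering:
        return "not-found"
    if any(v.asn == asn and net.prefixlen <= v.max_len for v in covering):
        return "valid"
    return "invalid"

def disappeared(snapshots, window):
    """snapshots: [(datetime, set of VRP)], oldest first; the last one is 'now'.
    Returns (vrp, last_seen, state_now) for VRPs gone within `window`."""
    now, current = snapshots[-1]
    last_seen = {}
    for ts, vrps in snapshots[:-1]:
        for v in vrps:
            last_seen[v] = ts          # later snapshots overwrite earlier ones
    alerts = [(v, ts, route_state(current, v.prefix, v.asn))
              for v, ts in last_seen.items()
              if v not in current and now - ts <= window]
    return sorted(alerts, key=lambda a: (a[1], a[0].prefix, a[0].asn))

# Constructed sample data (documentation prefixes and AS numbers).
A = VRP("192.0.2.0/24", 24, 64496)
B = VRP("198.51.100.0/24", 24, 64497)
C = VRP("198.51.100.0/24", 24, 64498)
D = VRP("2001:db8::/32", 48, 64499)
T0 = datetime(2013, 3, 20, 0, 0)
SNAPSHOTS = [(T0, {A, B, C, D}),
             (T0 + timedelta(hours=6), {A, B, C}),
             (T0 + timedelta(hours=12), {B})]

if __name__ == "__main__":
    for vrp, seen, state in disappeared(SNAPSHOTS, timedelta(hours=8)):
        print(f"{vrp.prefix} AS{vrp.asn} last seen {seen:%H:%M}, route now {state}")
```

The report only says what vanished and when; deciding whether it was an attack or a valid revocation is still left to the operator.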