Shane,
As one operator whose worldwide routing/operations could be negatively impacted by the above, it would be nice to have a concise statement about what is/was the original intent of the design of the RPKI with respect to the above. In addition, it would be useful to see if any potential remedies/solutions may be employed (and, any associated overhead/delays/*costs*/etc. they incur) that may be used to mitigate them /before/ they manifest themselves in the network, at which point operators will be obligated to stop using those 'trusted information repositories' to directly inform routing.
The intent of the RPKI has always been to create a PKI that parallels the allocation hierarchy. The downside of this is that errors, or malicious actions, by orgs at higher tiers have the potential to adversely impact resource holders at lower tiers. At certain tiers in the allocation hierarchy this is true irrespective of the use of the RPKI. For example, if a targeted entity receives a PA allocation from an ISP and that ISP is forced by a LEO to suspend service for that entity, but to still advertise the sub-allocated prefix, the target has a problem. If an RIR accidentally allocated the same prefix to two different entities, there would be a problem for one or both of them when they tried to advertise the twice-allocated space. I am working on a doc, to which I alluded in my reply to Sharon last week, that examines a wide range of cases in which an organization in the allocation hierarchy makes an error, or is forced to whack an allocation. The doc describes ways that such activity can be detected, and remediation options.

Steve