[routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
- Previous message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
- Next message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Sat Nov 2 10:52:36 CET 2019
Hi, (please see inline) On Fri, 1 Nov 2019, Gert Doering wrote: > Hi, > > On Fri, Nov 01, 2019 at 07:09:42AM +0100, Job Snijders wrote: >> So we really have to wonder whether this is worth it, or whether a few >> emails or phone calls can also solve the issue. > > Isn't that the whole question underlying RPKI deployment? > > What is it that we want to stop with RPKI? Only classic "prefix hijacking" > (announcing space that is formally delegated somewhere) With RPKI alone, mistakes. But when in doubt if network X has rights over network Y, it's rather simple to ask network X to create a proper ROA for network Y. If that *doesn't* happen, maybe some conclusions can be drawn. (there is a recent thread on the NANOG list where someone raised that "feature"...) > or other misuses > of BGP, like "announce unallocated space, use that for spamming or other > sorts of network attacks, withdraw announcement before people can track > things back to you". >From *one* computer security emergency response team's angle: RPKI is a good first step. Then, hopefully, ASPA can be added at some point. Playing the quick withdraw game will only work (and it is working, i suspect!) until people start understanding they need to log who announces what to them (24/7/365). Speaking about "network attacks" -- there is a lot of focus about the address space being hijacked, while major focus should be on those who receive the announcements. While it's terrible for the people/networks being impersonating, the potential targets are really everyone... ps: i wish to express support for 2019-08 in its current form. Cheers, Carlos > Gert Doering > -- NetMaster > -- > have you enabled IPv6 on something today...? > > SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer > Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann > D-80807 Muenchen HRB: 136055 (AG Muenchen) > Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 >
- Previous message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
- Next message (by thread): [routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]