nanog mailing list archives
Re: Reaching out to ARIN members about their RPKI INVALID prefixes
From: "Jakob Heitz \(jheitz\) via NANOG" <nanog () nanog org>
Date: Thu, 20 Sep 2018 05:22:20 +0000
Owen, You are correct in that RPKI leaves many problems unsolved. One that it does solve is prefix splitting. If I issue a ROA for prefix 10.1.2.0/23, any announcement of 10.1.2.0/24 (including mine) will be declared INVALID, because that announcement is covered by the ROA and the mask length is longer than maxlen. Of course, as you rightly point out, if I do NOT announce that prefix myself, then anyone is free to announce it anywhere and have it declared VALID just by prepending my ASN. Regards, Jakob. -----Original Message----- Date: Tue, 18 Sep 2018 14:18:55 -0700 From: Owen DeLong <owen () delong com> What does RPKI offer other than a way to know what to spoof in a prepend for your forged announcement?
Current thread:
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes, (continued)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes John Curran (Sep 19)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Owen DeLong (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Christopher Morrow (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes nusenu (Sep 18)
- Re: Reaching out to ARIN members about their RPKI INVALID prefixes Mark Milhollan (Sep 20)