Lukas, True. But I am actually not sure why RPKI state could not just expire by itself say every 12 months unless renewed by the owner ? Just like DNS name fee :)
Thx, R. On Fri, May 8, 2020 at 12:02 PM Lukas Tribus <[email protected]> wrote: > Hello Robert, > > On Fri, 8 May 2020 at 11:42, Robert Raszuk <[email protected]> wrote: > > See when you sign a block then sell this block without removing your RPKI > > signature, then the block gets cutted into chunks and sold further - and > no > > one in this process of transaction chain cares about RPKI - this entire > > story of using this for validation becomes pretty weak. And this is no > > longer NOT-FOUND. You get false INVALIDs which some may apply to suppress > > or drop. > > Well it's the IRR's job to get this right, and update RPKI data and/or > remove obsolete delegations. Just like with reverse-DNS objects. > > It's not like when you are buying a new block, you can't use reverse > DNS on those new IPs. And RPKI needs to be updated just the same, by > the IRR. > > I'd assume some IRR's are better than others when it comes to handling > those things. > > > Lukas > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
