On Thu, Jun 06, 2024 at 05:52:50AM +0200, Marco d'Itri wrote: > We are aware of this, but it is not relevant because as you noted > there are still ~50% of prefixes which are not protected by RPKI.
It's amusing RPKI deployment never is enough. When we were at 5% people said it wasn't relevant, when we were at 10% it wasn't relevant, now we are at 50% (with 70% of IP traffic being forwarded to RPKI-valid destinations!) and its still not relevant? > As long as non-authoritative IRRs are used then it will be possible to > hijack both allocated and unallocated IP space by creating bogus > route/route6 objects. For allocated: you can simply use IRRDv4's route object preference feature. And, for both allocated and unallocated IP space: if neither the RPKI nor the RIR-managed IRRDBs contain any information about a given prefix, the non-RIR managed database could be the right information. This is the case especially for legacy space. > You point out some issues with the IANA official registries, but I am > not sure why this would be relevant. My analysis only used networks.csv > from ARIN to determine which networks are "ARIN legacy", which is what > matters here: networks which CANNOT be registered in an authoritative > IRR. Well, the draft proposal starts with a whole paragraph about IANA managing all IP space; and I think one can easily challenge this specific characterization of the current state of affairs. Kind regards, Job _______________________________________________ connect-wg mailing list [email protected] https://lists.ripe.net/mailman/listinfo/connect-wg To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/connect-wg
