On Tue, 21 Apr 2020 at 01:02, Baldur Norddahl <baldur.nordd...@gmail.com> wrote:
> Yes but that makes the hijacked AS path length at least 1 longer which makes > it less likely that it can win over the true announcement. It is definitely > better than nothing. Attacker has no incentive to honor existing AS path, attacker can rewrite it as they wish. Anyhow I think some people think about RPKI in a way too binary manner 'because it is not secure, it is not useful'. Yes, AS_PATH authenticity is an open problem, but this doesn't mean RPKI is useless. Most of our BGP outages are not malicious, RPKI helps a lot there and RPKI creates a higher quality database for prefix origin information than what we have had. -- ++ytti
