On Thu, Dec 8, 2022 at 1:45 AM Heasley <h...@shrubbery.net> wrote: > > > > Am 12/7/22 um 22:25 schrieb Don Beal <d...@depref.net>: > > > How can RPKI / OV prevent such a leak when there is no ROA for 2000::/12, > > > If all ASes participated, no „unknowns“, unknowns could be dropped, …. >
yea that might be a tad dangerous today :( and don's right :( unknown is hard today :( (darn you don for being practical! :) ) crud.. but iRR filters! :) > what would 6762|2914|174|* invalidate against? Until a future where > everything is 'valid', RPKI is unable to pare out less-specific conflicts. > > It does look like 3356 pulled the announcement, which is good. > > > On Thu, Dec 8, 2022 at 4:48 AM Christopher Morrow <morrowc.li...@gmail.com> > wrote: >> >> On Wed, Dec 7, 2022 at 11:25 PM Ryan Hamel <administra...@rkhtech.org> wrote: >> > >> > AS3356 has been announcing 2000::/12 for about 3 hours now, an aggregate >> > covering over 23K prefixes (just over 25%) of the IPv6 DFZ. >> > >> > >> >> interesting that this is leaking outside supposed RPKI OV boundaries as well. >> For example: >> 6762 3356 >> 2914 3356 >> 174 3356 (apologies to 174, I forget if they signed up to the 'doin >> ov now' plan)
