On Sun, Oct 22, 2023 at 9:38 AM Tom Beecher <beec...@beecher.cc> wrote:
>> He's saying that someone could come along and advertise 0.0.0.0/1 and
>> 128.0.0.0/1 and by doing so they'd hijack every unrouted address block
>> regardless of the block's ROA.
>>
>> RPKI is unable to address this attack vector.
>
> https://www.rfc-editor.org/rfc/rfc6483
>
> Section 4
>>
>> A ROA with a subject of AS 0 (AS 0 ROA) is an attestation by the
>> holder of a prefix that the prefix described in the ROA, and any more
>> specific prefix, should not be used in a routing context.

And is it your belief that this addresses the described attack vector?
AFAICT, it does not.

Regards,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/
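
An added example, not part of the original message: a minimal model of RFC 6811 route origin validation, showing which state a validator assigns to the announcements discussed in this thread and which accepted route then carries traffic for an unrouted block. The VRP list, the ASNs, the announcements and the "reject only invalid" import policy are constructed assumptions for illustration.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max_length, origin ASN).
# Documentation prefixes and reserved ASNs, not real RPKI data.
VRPS = [
    ("192.0.2.0/24", 24, 0),         # AS 0 ROA for an unrouted block
    ("198.51.100.0/24", 24, 64500),  # ordinary ROA
]

def validate(route_prefix, origin_asn, vrps=VRPS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for prefix, max_len, asn in vrps:
        vrp = ipaddress.ip_network(prefix)
        # A VRP covers a route only if the route is the same prefix or a
        # more specific one; it never covers a shorter (less specific) route.
        if route.version != vrp.version or not route.subnet_of(vrp):
            continue
        covered = True
        # AS 0 never matches an origin, so an AS 0 VRP can only yield invalid.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "notfound"

def accepted(announcements):
    """Assumed import policy: reject 'invalid', keep 'valid' and 'notfound'."""
    return [p for p, asn in announcements if validate(p, asn) != "invalid"]

def forwarding_route(dest, rib):
    """Longest-prefix match of dest over the accepted prefixes in rib."""
    addr = ipaddress.ip_address(dest)
    matches = [n for n in map(ipaddress.ip_network, rib) if addr in n]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None

if __name__ == "__main__":
    # Constructed announcements, all originated by AS 64511.
    seen = [("192.0.2.0/24", 64511), ("192.0.2.0/25", 64511),
            ("0.0.0.0/1", 64511), ("128.0.0.0/1", 64511)]
    for prefix, asn in seen:
        print(f"{prefix:16} AS{asn}: {validate(prefix, asn)}")
    print("192.0.2.1 forwards via", forwarding_route("192.0.2.1", accepted(seen)))
```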