On 2014-10-25 06:57, Sandra Murphy wrote:
Other RIR based RIRs have the same ability to protect prefixes in
their realm of control. (See RFC 2725 RPSS)(*) (I think that APNIC
is doing pretty much as RIPE is.)
Even RIPE is not secure for prefixes outside their region. (There's
one maintainer that anyone can use to register anything for resources
outside the region - password publicly available, etc.)
Non-RIR based IRRs do not have the ability to tie the register-er to
authority for the resource, so they have no base on which to build
the
RIPE sort of security.
Those are fair points Sandy, I agree they need to be resolved.
It's just that RPKI feels like a _really heavy solution to _that
problem. That said, if that problem were solved nearly all of what I
care about with regard to routing security (and inter-domain
anti-spoofing) could be addressed.
-danny
