>>> rpki might work at scale. >> ohhh noooooooooo! > > rtconfig + prefix lists were never going to work at scale, so rpsl based > filters were mostly only ever deployed on asn edges rather than dfz core > inter-as bgp sessions. This meant that the damage that a bad update might > cause would be relatively limited in scope. RPSL's scaling limitations do > not apply to rpki, so in theory the scope for causing connectivity problems > is a good deal greater. So if e.g. ARIN went offline or signed some broken > data which caused Joe's Basement ISP in Lawyerville to go offline globally, > you can probably see why ARIN would want to limit its liability.
if it works, it is scary and must be stopped! and arin is doing such a great job of that.
randy
