> On 5 Dec 2014, at 18:00, Nick Hilliard <n...@foobar.org> wrote:
> 
> On 05/12/2014 11:47, Randy Bush wrote:
>>>> and the difference is?
>>> rpki might work at scale.
>> 
>> ohhh noooooooooo!
> 
> So if e.g. ARIN went offline or signed some broken
> data which caused Joe's Basement ISP in Lawyerville to go offline globally,
> you can probably see why ARIN would want to limit its liability.

If ARIN (or another RIR) went offline or signed broken data, all signed 
prefixes that previously had the RPKI status "Valid" would fall back to the 
state "Unknown", as if they were never signed in the first place. The state 
would NOT be "Invalid". 

What is the likelihood of Joe's Basement ISP being filtered by anyone because 
their BGP announcements are RPKI "Unknown", as if they weren't participating in 
the opt-in system? 

It seems as if the argumentation is built around "RIR messes up == ISPs go 
offline", but that isn't a realistic scenario IMO, because no operator in their 
right mind would drop prefixes with the state "Unknown". You could only 
realistically do that if all 550,000 Announcements in the DFZ are covered by a 
ROA. Not soon, if ever.

-Alex
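
The fallback described in this message, as an added example that is not part of the original email: a minimal RFC 6811-style origin validation in Python, run once with a ROA present and once with an empty set standing in for an RIR whose data is unavailable or rejected. The prefixes, AS numbers, function names and the "drop Invalid only" policy are constructed for illustration.

```python
import ipaddress

def validate(prefix, origin_as, vrps):
    """Classify a BGP announcement against validated ROA payloads (VRPs).

    vrps is a list of (roa_prefix, max_length, asn) tuples.
    Returns "Valid", "Invalid" or "Unknown" (RFC 6811 calls the last "NotFound").
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in vrps:
        roa = ipaddress.ip_network(roa_prefix)
        # A VRP is relevant only if it covers the announced prefix.
        if route.version != roa.version or not route.subnet_of(roa):
            continue
        covered = True
        # AS0 never matches; the prefix must not be longer than maxLength.
        if asn != 0 and asn == origin_as and route.prefixlen <= max_len:
            return "Valid"
    # Covered but no match is Invalid; no covering VRP at all is Unknown.
    return "Invalid" if covered else "Unknown"

def accepted(state):
    """Constructed policy: drop only Invalid, accept Valid and Unknown."""
    return state != "Invalid"

# Constructed sample data using documentation prefixes and AS numbers.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # signed prefix, correct origin
    ("192.0.2.0/24", 64511),     # signed prefix, wrong origin
    ("198.51.100.0/24", 64500),  # never signed
]
VRPS_NORMAL = [("192.0.2.0/24", 24, 64496)]
VRPS_RIR_DOWN = []  # the RIR's ROAs are unreachable or failed validation

def states(vrps):
    return [validate(p, a, vrps) for p, a in ANNOUNCEMENTS]

if __name__ == "__main__":
    for label, vrps in (("normal", VRPS_NORMAL), ("RIR down", VRPS_RIR_DOWN)):
        for (p, a), s in zip(ANNOUNCEMENTS, states(vrps)):
            print(f"{label:8} {p:18} AS{a}  {s:8} accepted={accepted(s)}")
```

With the ROA set empty, the wrong-origin announcement is also classified "Unknown" and accepted, so origin protection is lost while the outage lasts even though no prefix is dropped.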
