On Wed, Sep 19, 2018 at 12:51 AM nusenu <nusenu-li...@riseup.net> wrote:
> Owen DeLong:
> > Personally, since all RPKI accomplishes is providing a
> > cryptographically signed notation of origin ASNs that hijackers
> > should prepend to their announcements in order to create an aura of
> > credibility, I think we should stop throwing resources down this
> > rathole.
>
> regardless of how one might think about RPKI, there are ROAs out
> there that reduce the visibility/reachability of certain prefixes and the
> general assumption is that announced prefixes would like to be reachable
> even if the operator doesn't care about RPKI and ROAs from the past
> anymore, he most likely cares
> about reachability from a pure operational point of view.

So, a lot like dnssec ... if you enable the RPKI functions (publish roas)
I think it's very much a responsibility of the publisher to provide the
correct information in an on-going and stable manner.

This seems bad, at first blush, but you will not always be here to offer
these recalcitrant folk a pointer to how to fix themselves, and TODAY
there's: "little" penalty when it comes to getting this RPKI thing
wrongly... So, ideally the folk who are 'doin it wrong' can learn, get
operational processes/procedures/personnel in place and take action for
the long term... right? :)

> my email was not about: "How much does one like RPKI?"

sorry, 'most' emails that mention RPKI are: "how much do you like the
flavor of rpki?" :)

> it is about whether it is acceptable that RIRs (and more specifically ARIN
> in this mailing list's context)
> notify affected parties of their prefixes that suffer from stale ROAs.

This I still think is a bad plan.. mostly because I don't think it'll help
:( I think what helps is: "Oh, I can't get to <foo> and <bar> and <most of
the internet>" .... I think folk that CARE will do the right thing, folk
that 'think they care' won't and will soon get disconnected from the tubez.

I apologize a tad if my view that: "breaking people will force them to fix
themselves" is .... rough :(

> Even if one dislikes RPKI entirely the opinion could still be "yes
> notifying those parties makes sense
> to restore reachability".
>
> --
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu