[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call

On 9 May 2011 14:02, Gert Doering <gert at space.net> wrote:
> Hi,
>
> On Thu, May 05, 2011 at 05:11:33AM -0400, Martin Millnert wrote:
>> > "Considering invalid routes for BGP decision process is a pure ***local policy matter*** and should be done with utmost care."  (Emphasis mine)
>>
>> I am hoping you can give some practical examples on how one goes about
>> considering routes invalid with utmost care.
>
> You could, for example, adjust routing preference in accordance to
> the availability of an RPKI signature

Yes, this is a good use for RPKI from a technical PoV it means that
those routes that are signed are given a better chance of attracting
the traffic...

... but some would say that splitting your networking to /24 for
traffic management purposes is good from a technical PoV.

I like the idea of the contents of the DB being signed so people can
check the accuracy (and validity) of the contents - what I don't like
is the move to an automated on router solution that checks for
validity on the fly (and that seems to be where people want this to
go) because that leads to a system where someone controlling the
source of the data can then influence my routing decisions.

Maybe its the fact that RIPE are providing the full solution as well
as the ability to  publish the information thats the issue, if rather
than the NCC creating a tool for validation it just published the keys
and the software tools for people to do the validation themselves then
I might be happier.

J
-- 

James Blessing
07989 039 476