This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
boggits
boggits at gmail.com
Mon May 9 15:24:15 CEST 2011
On 9 May 2011 14:02, Gert Doering <gert at space.net> wrote: > Hi, > > On Thu, May 05, 2011 at 05:11:33AM -0400, Martin Millnert wrote: >> > "Considering invalid routes for BGP decision process is a pure ***local policy matter*** and should be done with utmost care." (Emphasis mine) >> >> I am hoping you can give some practical examples on how one goes about >> considering routes invalid with utmost care. > > You could, for example, adjust routing preference in accordance to > the availability of an RPKI signature Yes, this is a good use for RPKI from a technical PoV it means that those routes that are signed are given a better chance of attracting the traffic... ... but some would say that splitting your networking to /24 for traffic management purposes is good from a technical PoV. I like the idea of the contents of the DB being signed so people can check the accuracy (and validity) of the contents - what I don't like is the move to an automated on router solution that checks for validity on the fly (and that seems to be where people want this to go) because that leads to a system where someone controlling the source of the data can then influence my routing decisions. Maybe its the fact that RIPE are providing the full solution as well as the ability to publish the information thats the issue, if rather than the NCC creating a tool for validation it just published the keys and the software tools for people to do the validation themselves then I might be happier. J -- James Blessing 07989 039 476
- Previous message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
- Next message (by thread): [address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]