This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] 2019-03 and over-reach
- Previous message (by thread): [anti-abuse-wg] 2019-03 and over-reach
- Next message (by thread): [anti-abuse-wg] 2019-03 and over-reach
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carlos Friaças
cfriacas at fccn.pt
Sun Mar 24 12:18:12 CET 2019
Hi, (please see inline) On Sat, 23 Mar 2019, Ronald F. Guilmette wrote: > > In message <be3751fd-3b12-b73b-71ec-8f012191161f at foobar.org>, > Nick Hilliard <nick at foobar.org> wrote: > >> RPKI adoption is now taking off in a big way - see AT&T's recent >> announcement and NTT's plans. Commoditisation of RPKI support for IXP >> route servers will be available within weeks. > > The AT&T announcement was indeed heartening. > > Can you see if you can drag a few IXP people into this conversation (please)? Nick is part of "IXP people" afaik for a long time. I am too, although i'm more into the "IXP security people" set nowadays :-) In general, i think IXP people will do everything they can to minimize hijacker's goals, especially if they receive a complaint from customer X saying customer Z is hijacking a prefix and they are announcing it to customer X (and possibly other customers). That's where RPKI and route servers get into the picture -- if hijacked prefix announcements were not made directly, RPKI on route servers might stop those announcements, and even if RPKI is not applied on route servers, they could hold the proof that an hijack was made. But the main point here about 2019-03 is that RPKI on route servers, or even recording all announcements through route servers will not happen overnight, and it will not solve hijacks made through direct peerings where the receiving end is not discarding the "bad prefix" through RPKI. Again, there are tools with enough maturity than can be used to protect each and every of the 60000+ ASNs from hijacks, but the "issue" between the chair and a keyboard makes something in the line of 2019-03 still needed. > If they all say that this proposal is pointless, and that the problem will > be essentially solved in time for Vappu, then it probably would then be > a reasonable choice to set this on the back burner, just for a bit, to see > how things really shake out. > > I think we all understand that just because RPKI support may be available, > that doesn't mean that anybody who hasn't already done so is actually going > to deploy it. So it would be Good to hear what the actual plans are. Essentially agreeing with Ronald, i think anyone could also argue that people without the ability to use RPKI shouldn't be playing the BGP game, but i certainly prefer to think that intentional and persistens hijackers shouldn't be allowed (by the community) to keep playing the BGP game. :-) Best Regards, Carlos > Regards, > rfg >
- Previous message (by thread): [anti-abuse-wg] 2019-03 and over-reach
- Next message (by thread): [anti-abuse-wg] 2019-03 and over-reach
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]