[anti-abuse-wg] [routing-wg] An arrest in Russia

> RPKI in its current form provides an insulation layer which stops
> certain types of misorigination problems and mitigates others, but has
> almost no impact on the wider question of policy routing.
> 
> RPKI also works quite well from the point of view of incremental
> deployment, i.e. it's not necessary to aim for universal or
> near-universal adoption.
> 
> Policy routing is difficult.  We tried to fix it years ago with RPSL
> and that failed.  There have been several attempts to look at this
> since then but they've all floundered because it's a fundamentally
> complex problem which involves a lot of different areas including
> policy management, i.e.  codification of human judgement; deployment
> of this policy to networking equipment which doesn't have the hooks to
> implement this at scale; how to accurately model a routing policy
> right down to igp / egp interaction so that you have a balance between
> enough scope to describe routing policy at a per-router,
> per-peer-address, per prefix level, but at the same time not making it
> so complex that people would be scared away from implementing it
> reasonably; and many other things.
> 
> RPKI aims to address some specific problems relating to mis-routing -
> cherry picking, if you will - and to provide a 90% solution for those
> problems.

just in case anybody is wondering, i think nick is about right here

except, i think the above is actually about rpki-based origin
validation, aka rov, not the rpki, which is a database

randy