[routing-wg] AS201640

In message <CAA=nHSKbOHc7vSk5O+oPQ8459HyCk=t8pY8CZbHx+yhBE1tFkQ at mail.gmail.com>
George Michaelson <ggm at apnic.net> wrote:

>the easy to use solution is to require external data to be signed by RPKI
>certificates from another RIR's system.
>
>1) its time limited: all signed objects have a lifetime
>2) its secure (as secure as PKI)
>3) it doesn't require massive effort to implement: a well formed object can
>be specified by anyone, and then signed by the prime resource holder using
>a certificate covering the resources. The receiving side can validate it
>directly.
>
>Thats pretty much what I said to the microphone of the routing wg meeting.

Sounds good to me!

Could it be made to happen, um, yesterday?


Regards,
rfg


P.S.  I'm still a bit befuddled by what happened in this case.  Would it
be a fair characterization to say that what AS201640 has done in this
case is to exploit a kind of loophole which is uniquely present only
when the hijacker/squatter AS is registered in one RiR and the IP blocks
that are being hijacked/squatted are registered in a different RiR?

Also, could this scenario have been replicated if the origin AS had
been registered in/by ARIN, APNIC, LACNIC, or AFRINIC, rather than
RIPE?  If so, then a proper sort of fix will necessarily involve all
five RiRs, no?