[routing-wg] [anti-abuse-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space) to be discussed on Routing Working Group Mailing List

Hi

> On 23 Dec 2019, at 11:39, Randy Bush <randy at psg.com> wrote:
> 
> erik,
> 
>> Personally, I'm not in favour of this policy as I don't like the NCC
>> to start to injecting ROA's that are not allocated or assigned to
>> members or end-users.
>> 
>> I think it sets the wrong precedence for the community and it could
>> open up for scope creep to abuse the system for other usage.  So on
>> that regards, I wouldn't mind if the proposal would be dropped.
> 
> first, as $subject says, if anywhere, this should be in the routing wg.
> let us resist the inclination to make what was the anti spam wg the net
> police, judge, and jury.
> 
> on the proposal itself, i am of two minds.  while i see negligible
> initial harm, it's not clear it will do a lot of good.  and i see your
> point about the slippery slope of mission creep.
> 
> i do find it amusing that it uses the singular case where an ROV origin
> can not be 'usefully' forged.  i.e. the attacker can not postpend AS 0
> and have it accepted.  but this cute factor still does not sell the
> proposal to me.

I agree with the above. Further, as Alexander Azimov pointed out: people can just announce a *less* specific, which will be "Not Found" even if an AS0 ROA exists for more specific. And because there is no competing (valid/not found) announcement they will attract the traffic.

So, it seems that these AS0 ROAs will not be very effective.


Tim