[routing-wg] 2019-08 New Policy Proposal (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)

Hi,

On Sun, Nov 03, 2019 at 07:12:54PM +0300, Alexander Azimov wrote:
> Let discuss the next scenario: there are two prefixes: x.x.0.0/24 and
> x.x.1.0/24, first one assigned to an ISP, second - unallocated. The
> proposal suggests that RIPE should create ROA with AS0 for x.x.1.0/24. Will
> it stop an attacker from squatting this address space?
> 
> The answer will be No. An attacker will still be able to hijack x.x.0.0/23,
> which will have an 'unknown' status and will be passed on, as a result
> finally capturing traffic for x.x.1.0/24.

This is unfortunate.  But indeed, it would make this change far less
effective for the cases I had in mind.

So I am reconsidering and joining the "it might be somewhat beneficial,
but there are more important RPKI things to fix" camp.

Gert Doering
        -- NetMaster
-- 
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Michael Emmer
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: </ripe/mail/archives/routing-wg/attachments/20191103/dfd1bdd9/attachment.sig>