[routing-wg] 2019-08 Review Phase (RPKI ROAs for Unallocated and Unassigned RIPE NCC Address Space)

> If I got feedback in my community they don't feel this needs HSM
> backing, I can avoid the problem.

That sounds logical. It leads me to the question: what's the threat
model for protecting the "RIR AS0 key"? In other words what happens if
an attacker can sign stuff (CAs, ROAs, ...) of their choosing with it
[1]? Depending on the severity of scenarios in the answer [2], the use
of HSM for the TA may or may not make a difference.

Robert

[1] note that in order to "sign stuff of their choosing" does not mean
they need to get the key (which is of course harder when using an HSM).
They only need to convince the system to sign the attacker's blobs,
which is a very different problem.

[2] random ideas:
* does the AS0 TA cover 0/0 or only the unallocated space?
* If someone makes a non-AS0 ROA under this TA, how does that interact
with a ROA from under a different TA?
* does this whole thing matter if some address space (ie. from other
RIRs) is not covered by an AS0 TA anyway?