This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] RPKI Route Origin Validation and AS3333
- Previous message (by thread): [routing-wg] RPKI Route Origin Validation and AS3333
- Next message (by thread): [routing-wg] Call for Presentations - RIPE 82
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lukas Tribus
lukas at ltri.eu
Sun Mar 21 14:47:23 CET 2021
Hi, On Sun, 21 Mar 2021 at 13:48, Hank Nussbacher <hank at interall.co.il> wrote: > > Monitoring ROV invalids in other people's networks (validators; > > routers) is not possible and I doubt it ever will be. > > > > We managed to create "Certificate Transparency" logs where all CAs send > their certificates so with a little bit of IETF geekery I am sure an RFC > can be designed so that everyone dumps their RPKI drops into some > central stream/repository. Yeah I know - I'm dreaming :-) Logging dropped ROV invalids at the router is not comparable to CT (which is about issuing certificates), but rather HPKP with reporting enabled. However there is no incentive to do this for the folks involved. Browser vendors pushing to enhance WebPKI do that because their business case is tied to that. Router vendors struggle to implement basic RTR support without introducing major operational issues and their business case does not depend on getting it right the first time (actually it is quite the opposite), asking for additional features at this point really is a "dream". There is no direct business case for network operators either. So I would not say this is a realistic endeavour. cheers, lukas
- Previous message (by thread): [routing-wg] RPKI Route Origin Validation and AS3333
- Next message (by thread): [routing-wg] Call for Presentations - RIPE 82
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]