This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/routing-wg@ripe.net/
[routing-wg] Add BGPsec support to Hosted RPKI?
- Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
- Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrei Robachevsky
robachevsky at isoc.org
Thu Oct 14 16:14:38 CEST 2021
Matthew Walster wrote on 11/10/2021 12:46: > ASPA without BGPsec is barely different to RPSL. Yes, I am squinting > very hard to make that conclusion, but essentially if I have to trust > RIPE NCC are doing the right thing with their RPKI trust anchor, I might > as well just get the results of the policy statements (aut-num records) > without all the cryptographical stuff in the way that does not help at > all in terms of ease of use. Not sure I agree. ASPA makes ROV more resistant to prepending attacks up to the level one may live with without signing the whole path. ASPA may even help identifying route leaks, while BGPSEC can't. This is, of course, orthogonal to Job's proposal. And the draft needs more work. Andrei
- Previous message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
- Next message (by thread): [routing-wg] Add BGPsec support to Hosted RPKI?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]