[routing-wg] RPKI vulnerable?

On Fri, Feb 18, 2022 at 4:09 AM Job Snijders via routing-wg <
routing-wg at ripe.net> wrote:

> Hi all,
>
> It might be the case that the vulnerability is in the realm of
> disagreement with some design choices of the past, rather than a
> traditional CVE hole in one or more software packages.
>



I'd certainly hope that it isn't that you can just spoof the valid origin
AS...

I recently had someone come to me with this *shocking* discovery and ask
about how to disclose it. This was the same person who alerted me to the
also *shocking* discovery that longest-match wins, and so just twiddling
local-pref doesn't save you.

W


> I found the following paper which touches upon the “assumed trust” aspect
> of RPKI in the relationship between Relaying Party and Trust Anchor(s).
>
>
> https://www.researchgate.net/publication/349045074_Privacy_Preserving_and_Resilient_RPKI
>
> I’m very interested in discussion about cross-signing schemes.
>
> Kind regards,
>
> Job
> --
>
> To unsubscribe from this mailing list, get a password reminder, or change
> your subscription options, please visit:
> https://mailman.ripe.net/
>
-- 
Perhaps they really do strive for incomprehensibility in their specs.
After all, when the liturgy was in Latin, the laity knew their place.
-- Michael Padlipsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </ripe/mail/archives/routing-wg/attachments/20220218/1d261950/attachment.html>