[rpki-deployathon] Loose or strict prefix-length
Mike Mulder mike.mulder at iunxi.eu
Tue Mar 19 11:30:37 CET 2019
Hi all, We currently have a discussion about loose or strict prefix-length defined in the ROAs. What exactly is the win when you do strict? Example: we announce a /22 and in some cases a more specific /24 from that /22, no other prefixes. We have one strict ROA for /22 and 4 strict ROAs for /24 in place. In case of AS-spoofing a malicious party will announce a /24 so that announcement will be VALID. Only the announcement of the 2 /23's will be protected (INVALID) as there are no matching ROAs. If a party intends to do harm by doing AS spoofing the bad already happens. So what is the win of doing strict vs loose, besides protecting the 2 /23's? Are there other possible practical cases I am overlooking here? Thanks, Mike. -- Mike Mulder iunxi BV E: mike.mulder at iunxi.eu T: +31 (0)88 5400516 M: +31 (0)6 43165195 -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/rpki-deployathon/attachments/20190319/b19bb59d/attachment.html>