Skip to Content.
Sympa Menu

netsec-sig - Re: [Security-WG] [External] Re: Seeking advice on BCP for ROAs....

Subject: Internet2 Network Security SIG

List archive

Re: [Security-WG] [External] Re: Seeking advice on BCP for ROAs....


Chronological Thread 
    < Chronological >      < Thread >
  • From: John Kristoff <>
  • To: "" <>
  • Cc: "" <>
  • Subject: Re: [Security-WG] [External] Re: Seeking advice on BCP for ROAs....
  • Date: Wed, 15 May 2019 09:57:16 -0500
On Wed, 15 May 2019 14:35:02 +0000
"" <> wrote:

> Which means IU would create a ROA for 129.79.0.0/16-24 to cover the
> case where a more specific is being scrubbed….which creates the same
> problem…so still seeking folks’ thoughts on the questions.

There may not be a perfect solution, but on the bright side, loose ROAs
aren't actually making the problem worse compoared to use of RPKI at all
so there is that. ROV is really only helpful for accidents anyway, so
if you do monitoring too, you're far beyond where most people will be
at and likely able to better respond to the more sophisticated
threats. Solve for the 95% common case and document who to respond in
the 5% chance attack?

John

Archive powered by MHonArc 2.6.19.

Top of Page