Phillip Hallam-Baker wrote:
There is a big difference in real engineering (i.e. outside a
university) between a solution that only addresses part of a problem
and one that is 'useless'.
Perhaps, you don't recognize the fact that BGP routing is global.
In observed attacks and in simulations, the IP-AS number attack is
much more significant than the routing layer attack in most
circumstances.
I'm not sure what are the IP-AS attack and the routing layer attack
and whether you are worrying about attacks today or year 3010.
So, before continuing discussion, I think you should write a draft
precisely defining problems including the attacks. The draft may
be more than 100 pages long.
It should be noted, however, that, it is likely that I point out the
attacks are identical, if I have enough time to read everal lines of
the draft. Note that:
A Profile for Route Origin Authorizations (ROAs)
draft-ietf-sidr-roa-format-06.txt
says:
The primary purpose of the Internet IP Address and AS Number Resource
Public Key Infrastructure (RPKI) system is to improve routing
security.
There are many security concerns that BGP security could address. The
only concerns for which a BGP security solution is essential is to
prevent Denial of Service attacks and to prevent hijacking of IPv4
space
The point of previous discussion was that RPKI is useless for such
prevention. Read the ML log.
after exhaustion is reached.
With A+P, it will be reached in year 3010 or later.
Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf