Valdis.Kletnieks@vt.edu wrote:
On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said:
Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough.
I'm not at all convinced this would help all that much. A PKI would allow better verification of authentication - but how many providers currently have doubts about who the other end of their BGP session is? I'm sure most of the ones who care have already set up TCPMD5 and/or TTL hacks, and the rest wouldn't deploy an RPKI.
The real problem is authorization - and the same people who don't currently apply filtering of BGP announcements won't deploy a PKI.
So the people who care already have other tools to do most of the work, and the ones who don't care won't deploy. Sure it may be nice and allow automation of some parts of the mess, but I'm not seeing a big window here for it being a game-changer.
What you are saying is that you have doubts that there will be a successful implementation of RPKI that will properly secure BGP.
If somebody has a good case for how it *will* be a game-changer, I'm all ears.
However, Randy's point seemed me to be one I had brought up before. Can the RiR's still pass the theoretical fork test if RPKI were to be successfully and globally deployed? I am glad to hear that others who are likely far more competent than I are seriously examining the issue and seem to have similar concerns. The topic of this sub-thread isnt about the technological challenge of securing BGP and the routing of prefixes, it is about the political implications of successfully doing so and what the resulting impact on operations may be. Joe