On Fri, 11 Jan 2019, Ca By wrote:
> Thanks for the update that dnssec STILL causes more real world problems
> than it solves.
Do you feel the same way about RPKI?
Misorgination is a real threat we see all the time (threat on uptime, if not more)
That said, i think history has shown we get more kilometers out of good BGP policy control hygiene and IRR data than RPKI. I don’t think that will change in the future. I do wish irr data was better, for many values of better.
My routes are rpki signed. But, my router kit and ops procedure don’t make me enforcing near-term achievable.
--
Mikael Abrahamsson email: swmike@swm.pp.se