21 Apr
2020
21 Apr
'20
1:38 a.m.
On Tue, 21 Apr 2020 at 01:02, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
Yes but that makes the hijacked AS path length at least 1 longer which makes it less likely that it can win over the true announcement. It is definitely better than nothing.
Attacker has no incentive to honor existing AS path, attacker can rewrite it as they wish. Anyhow I think some people think about RPKI in a way too binary manner 'because it is not secure, it is not useful'. Yes, AS_PATH authenticity is an open problem, but this doesn't mean RPKI is useless. Most of our BGP outages are not malicious, RPKI helps a lot there and RPKI creates a higher quality database for prefix origin information than what we have had. -- ++ytti