On Sep 19, 2018, at 00:46 , nusenu <nusenu-lists@riseup.net> wrote:
Owen DeLong:
Personally, since all RPKI accomplishes is providing a cryptographically signed notation of origin ASNs that hijackers should prepend to their announcements in order to create an aura of credibility, I think we should stop throwing resources down this rathole.
regardless of how one might think about RPKI, there are ROAs out there that reduce the visibility/reachability of certain prefixes and the general assumption is that announced prefixes would like to be reachable even if the operator doesn't care about RPKI and ROAs from the past anymore, he most likely cares about reachability from a pure operational point of view.
Yep… And the easy recipe for one which doesn’t care about RPKI to restore reachability is “delete the ROAs”.
my email was not about: "How much does one like RPKI?”
I have no impression that it was. I thought it was about “Should we consume more RIR resources dealing with this additional pain likely to be caused by RPKI?”
it is about whether it is acceptable that RIRs (and more specifically ARIN in this mailing list's context) notify affected parties of their prefixes that suffer from stale ROAs.
I agree with Mr. Morrow that this would end in pain.
Even if one dislikes RPKI entirely the opinion could still be "yes notifying those parties makes sense to restore reachability”.
Agreed. However, whether I liked RPKI or not, I’d still say that notification by the RIRs is prone to sadness. My initial intent was merely to state that I prefer the RIRs not waste additional resources on this, including notification. Owen