On (2014-09-01 21:34 +0000), Sriram, Kotikalapudi wrote:

Hi Sriram,

Please help me understand the argument.

> Some Org. D can maliciously announce a subprefix under Org. C's prefix, and get away with it due to the 'Loose' mode.

So C is advertising valid 192.0.2.0/24. Is D advertising valid 192.0.2.0/23? This is an unfixable problem? If D is advertising invalid or unknown, C would still work and win, as longest prefix match is done first on the 'valid' population; if the search finds a match, other populations are not searched.

> I think, 'Loose mode', if used at all, should not be used beyond a short grace period.

We need to be pragmatic and ready to compromise. Right now deploying RPKI puts you at a competitive disadvantage; loose mode would remove the business risk and make it easier to justify deployment.

--
++ytti
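
The lookup order described in the reply above (longest-prefix match on the 'valid' population first, other populations only on a miss), sketched as an added example that is not part of the original message or of any RPKI implementation. The route table, the origin labels, the 192.0.2.0/25 more-specific and the unknown-before-invalid fall-through order are assumptions made for illustration.

```python
import ipaddress

# Constructed sample table: (prefix, origin label, RPKI validation state).
ROUTES = [
    ("192.0.2.0/24", "C", "valid"),
    ("192.0.2.0/25", "D", "invalid"),     # more-specific under C's prefix
    ("198.51.100.0/24", "E", "unknown"),  # no covering ROA
    ("203.0.113.0/24", "F", "invalid"),   # only route for this space
]


def _lpm(dest, routes):
    """Longest-prefix match of dest within one set of routes, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def plain_lookup(dest, routes=ROUTES):
    """Single table, validation state ignored: the most specific route wins."""
    return _lpm(dest, routes)


def loose_lookup(dest, routes=ROUTES, order=("valid", "unknown", "invalid")):
    """Search the 'valid' population first; try the next one only on a miss.

    The order after 'valid' is an assumption; the message only says that
    other populations are not searched once 'valid' yields a match.
    """
    for state in order:
        hit = _lpm(dest, [r for r in routes if r[2] == state])
        if hit is not None:
            return hit
    return None


if __name__ == "__main__":
    for dest in ("192.0.2.10", "198.51.100.7", "203.0.113.9", "10.0.0.1"):
        print(dest, "plain:", plain_lookup(dest), "loose:", loose_lookup(dest))
```

For 192.0.2.10 the single-table lookup follows D's more-specific, while the valid-first lookup stays on C's /24; 203.0.113.9 shows the fall-through, where an invalid route is still used because no valid or unknown route covers the destination.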