----- Original Message -----
From: "William Herrin" <bill@herrin.us>
So, you represent to your ISP that you're authorized to use a certain range of addresses. He represents to his upstream that he's authorized to use them on your behalf, and so on.
The former is a first-hand transaction: if you're lying to your edge carrier, he can cut you off with no collateral damage. The latter, though, is arms-length, *and* has no reasonable way to be implemented that I can see without extending whatever OAM&P system that carrier has atop their gear.
The reliability of these representations obviously falls at they grow distant from the source. So what? That's a problem for RPKI. The problem we need concern ourselves with is dropping packets whose source addresses are inconsistent with our customer's _representation_ of the addresses he's authorized to originate, however reliable or unreliable that representation may turn out to be.
That's great, but that's a couple orders of magnitude of added complexity that, quite frankly Bill, I can't sell just now. :-) Worse (to bring this ontopic for NANOG): that complexity needs to live *inside routers*, unless I'm very much mistaken. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274