On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said:
Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough.
I'm not at all convinced this would help all that much. A PKI would allow better verification of authentication - but how many providers currently have doubts about who the other end of their BGP session is? I'm sure most of the ones who care have already set up TCPMD5 and/or TTL hacks, and the rest wouldn't deploy an RPKI. The real problem is authorization - and the same people who don't currently apply filtering of BGP announcements won't deploy a PKI. So the people who care already have other tools to do most of the work, and the ones who don't care won't deploy. Sure it may be nice and allow automation of some parts of the mess, but I'm not seeing a big window here for it being a game-changer. If somebody has a good case for how it *will* be a game-changer, I'm all ears.