Neither a DNS-based solution nor the RPKI will resolve path attacks,
I want to be sure of the terminology: what is deployed presently is the bundle RPKI+ROA. As their name says, ROA can only be used against origin attacks. But RPKI can be used for other things than RPKI+ROA, including BGP-sec (against path-based attacks), no?
The RPKI can provide the keying infrastructure on which a mechanism to "protect the path" (controversial terminology in and of itself) could be based. Is that the right basis for path validation? I don't know that we should assume this. But key distribution is the easy part of the problem here. The hard part is determining what we're trying to protect and what the tradeoffs are in trying to defend against those attacks.

BGP-SEC assumes we care about verifying the path a "routing object" takes through the network, we don't much care about replay attacks, policy is off the table (except one policy specific folks care about), and operators are willing to replace their hardware specifically to resolve this problem. Is this the right set of presuppositions to make? The provider community, IMHO, hasn't really participated too much in this entire discussion, so we don't really know the answers to this question.

Russ