[as112-ops] RPKI-signature for AS112-Prefixes
Joe Abley
jabley at hopcount.ca
Fri Jul 27 16:22:51 UTC 2018
Hi Matt,
Presumably the same as any other use of route origin validation:
defence against accidental origination of the routes from autonomous
systems other than 112.
ROAs or other origin attestations don't provide any real defence
against malicious origination, so the fact that malicious isn't really
a thing with 112 seems tangential.
There's also the (arguably more dubious) benefit of being seen to
support RPKI in general.
It'd be fairly straightforward for DNS-OARC, as stewards of the
project's number resources, to publish a ROA I think (and I don't
think doing so would do any harm).
Joe
On Jul 27, 2018, at 11:20, Matthew Pounsett <matt at dns-oarc.net> wrote:
>> On Jul 27, 2018, at 04:41, Jens Ott - Opteamax GmbH <jo at opteamax.de> wrote:
>>
>> Hi,
>>
>> I just found that the AS112 prefixes do not have RPKI signatures. I
>> think a project like AS112 should support route-origin-validation.
>>
>> Who ever has the ability to create a signature, would you mind doing so?
>
> The AS112 project, by design, allows anyone to set up and operate an AS112 name server and announce the relevant routes. What would be the goal of doing route origin validation on those routes?
>
> Matt Pounsett
> DNS-OARC Systems Engineering
>
>
> _______________________________________________
> as112-ops mailing list
> as112-ops at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/as112-ops
More information about the as112-ops
mailing list