On Tue, May 03, 2011 at 09:38:46AM -0700, David Conrad wrote:
In theory, that power exists today, e.g., RIPE could revoke an allocation and remove it from the registration database, resulting in an implicit revocation of all addresses assigned with the address space that had been allocated.
If the NCC (or even a third party) revoke an allocation, nothing happens automatically and immediately. (there might be some SPs that, periodically, check advertisements against the ripedb, I'm not aware of anything like that.) In an automatic RPKI environment, the cert gets revoked and your routing goes away.
I'm not aware of any abuse of the current system.
It's not efficiently abusable, in my opinion. Too many sanity checks.
Is your concern that the new system will make abuse somehow easier?
Hell yes. It not only makes it easier, it makes it *automatic* Kind Regards, Sascha Luck