Hi all,

It might be the case that the vulnerability is in the realm of disagreement with some design choices of the past, rather than a traditional CVE hole in one or more software packages.

I found the following paper which touches upon the “assumed trust” aspect of RPKI in the relationship between Relaying Party and Trust Anchor(s).

https://www.researchgate.net/publication/349045074_Privacy_Preserving_and_Resilient_RPKI

I’m very interested in discussion about cross-signing schemes.

Kind regards,

Job