14 Oct
2021
14 Oct
'21
4:14 p.m.
Matthew Walster wrote on 11/10/2021 12:46:
ASPA without BGPsec is barely different to RPSL. Yes, I am squinting very hard to make that conclusion, but essentially if I have to trust RIPE NCC are doing the right thing with their RPKI trust anchor, I might as well just get the results of the policy statements (aut-num records) without all the cryptographical stuff in the way that does not help at all in terms of ease of use.
Not sure I agree. ASPA makes ROV more resistant to prepending attacks up to the level one may live with without signing the whole path. ASPA may even help identifying route leaks, while BGPSEC can't. This is, of course, orthogonal to Job's proposal. And the draft needs more work. Andrei