In message <CAA=nHSKbOHc7vSk5O+oPQ8459HyCk=t8pY8CZbHx+yhBE1tFkQ@mail.gmail.com> George Michaelson <ggm@apnic.net> wrote:
the easy to use solution is to require external data to be signed by RPKI certificates from another RIR's system.
1) its time limited: all signed objects have a lifetime 2) its secure (as secure as PKI) 3) it doesn't require massive effort to implement: a well formed object can be specified by anyone, and then signed by the prime resource holder using a certificate covering the resources. The receiving side can validate it directly.
Thats pretty much what I said to the microphone of the routing wg meeting.
Sounds good to me! Could it be made to happen, um, yesterday? Regards, rfg P.S. I'm still a bit befuddled by what happened in this case. Would it be a fair characterization to say that what AS201640 has done in this case is to exploit a kind of loophole which is uniquely present only when the hijacker/squatter AS is registered in one RiR and the IP blocks that are being hijacked/squatted are registered in a different RiR? Also, could this scenario have been replicated if the origin AS had been registered in/by ARIN, APNIC, LACNIC, or AFRINIC, rather than RIPE? If so, then a proper sort of fix will necessarily involve all five RiRs, no?