FW: FW: discussion about rogue database objects
No, I won't do that! I'm against the methods of resolving "problems" which are not exist and I will make all my efforts for not allowing the RPKI to be the only method of doing business. Not very regards, Vladislav -----Original Message----- From: Gert Doering [mailto:gert@space.net] Sent: Thursday, November 13, 2014 11:28 AM To: Potapov Vladislav Cc: gert@space.net; routing-wg@ripe.net Subject: Re: [routing-wg] FW: discussion about rogue database objects Hi, On Thu, Nov 13, 2014 at 12:25:44PM +0400, poty@iiat.ru wrote:
On Wed, Nov 12, 2014 at 11:18:25AM +0400, poty@iiat.ru wrote:
I'm not sure the problem is imminent first hand.
The problem is real, and needs to be fixed. ---- Your word against my word - nothing changed in the world.
Evidence out there demonstrates the problem quite clearly (as can be seen in this thread). My word is irrelevant when there is data to back it. I'm stopping the discussion with you now - you've made it very clear that you are not interested in providing a solution and are not acknowledging that the problem even exists. So please go out of the way and let the people that are interested in solving network hijacking do their work. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Hi Vladislav,
I'm against the methods of resolving "problems" which are not exist
I believe we've already heard of two instances of this problem existing -- the route objects that started this thread off, and Elvis Velea saying it has impacted at least one of his customers. Cheers, Rob
No, I won't do that! I'm against the methods of resolving "problems" which are not exist and I will make all my efforts for not allowing the RPKI to be the only method of doing business.
Then you should invest your time and energy to promote other solutions than rPKI. You may start with using DNSSEC for securing routing information ... There was an IETF draft long long ago.
You may start with using DNSSEC for securing routing information ... There was an IETF draft long long ago.
draft-bates-bgp4-nlri-orig-verif-00.txt 1998. i was one of the authors. we dropped the approach because the dns based approach can only delegate singly, and make before break kinda wants duality. damn ops stuff keeps getting in the way of idealism :) randy
* Randy Bush wrote:
1998. i was one of the authors.
Brushed up and made a testbed to validate the ideas ... later.
participants (4)
-
Lutz Donnerhacke -
poty@iiat.ru -
Randy Bush -
Rob Evans