nanog mailing list archives

Re: RPKI unknown for superprefixes of existing ROA ?

From: William Herrin <bill () herrin us>
Date: Sun, 22 Oct 2023 09:57:08 -0700

On Sun, Oct 22, 2023 at 9:38 AM Tom Beecher <beecher () beecher cc> wrote:

He's saying that someone could come along and advertise 0.0.0.0/1 and
128.0.0.0/1 and by doing so they'd hijack every unrouted address block
regardless of the block's ROA.

RPKI is unable to address this attack vector.



https://www.rfc-editor.org/rfc/rfc6483

Section 4



A ROA with a subject of AS 0 (AS 0 ROA) is an attestation by the
holder of a prefix that the prefix described in the ROA, and any more
specific prefix, should not be used in a routing context.


And is it your belief that this addresses the described attack vector?
AFAICT, it does not.

Regards,
Bill Herrin


-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

Current thread:

Re: Acceptance of RPKI unknown in ROV, (continued)
- - - Re: Acceptance of RPKI unknown in ROV Randy Bush (Oct 19)
    - Re: Acceptance of RPKI unknown in ROV Dale W. Carder (Oct 20)
- RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 21)
  - Re: RPKI unknown for superprefixes of existing ROA ? Mark Tinka (Oct 21)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 21)
    - Re: RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? William Herrin (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Amir Herzberg (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Tom Beecher (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 22)
    - Re: RPKI unknown for superprefixes of existing ROA ? Owen DeLong via NANOG (Oct 24)
    - Re: RPKI unknown for superprefixes of existing ROA ? Job Snijders via NANOG (Oct 24)

(Thread continues...)