[afnog] Another case for RPKI ?
Job Snijders
job at ntt.net
Wed Nov 14 17:48:19 UTC 2018
Dear Mbong Hudson Ekwoge,
You no zero technical arguments why you liken RPKI to "patching up an
already faulty package". I don't think you do justice to RPKI's value
or to the people deploying RPKI based BGP Origin Validation.
For there to be *any* routing security, in BGP-4 or BGP-5 or
BGP-never, we *at least* need a database which presents us with an
overview of what prefix can be originated by what Autonomous System.
This database must be verifiable, programmatically accessible, and an
open standard. RPKI meets all these requirements.
I look forward to your proposal for BGP-4's successor!
Kind regards,
Job
On Wed, Nov 14, 2018 at 6:43 PM Mbong Hudson Ekwoge <hudson at yourvmbg.com> wrote:
>
> @Job - what part of my assessment doesn’t sit well with you? For technicality, look at how the native features of BGP led to the mentioned incident. Lastly, the end product of any release will require new code to be written. Just like we came up with IPv6 as a complete replacement for v4, a new version of BGP released will address the “mistakes” of the past while supporting the features which empower new types of workflows.
>
> On Wed, 14 Nov 2018 at 20:54, Job Snijders <job at ntt.net> wrote:
>>
>> Dear Mbong Hudson Ekwoge,
>>
>> On Wed, Nov 14, 2018 at 5:44 PM Mbong Hudson Ekwoge <hudson at yourvmbg.com> wrote:
>> > Implementing RPKI is like patching up an already faulty package. Perhaps it’s time we look into releasing a newer version of BGP with native safeguards put in place to avoid the pitfalls we know of already.
>>
>> I disagree with your assessment and would like to see you back this up
>> with technical arguments. Also note that there is no new version of
>> BGP laying around. BGP-4 is all we have.
>>
>> Kind regards,
>>
>> Job
>
> --
> Kind Regards
> Mbong Hudson Ekwoge
> Mob: +230 592-86076
More information about the afnog
mailing list