On May 4, 2011, at 6:40 PM, Martin Millnert wrote:
It's already been said that in order to get the desired use out RPKI in terms of preventing youtube hijacking, a network is required to configure its RPKI-policies strictly.
Thus, an abuse of the network's CA will then also possibly affect peers of this network, who may themselves not use RPKI for any number of reasons.
I understand how it would impact the network which has decided to make use of strict RPKI-based route validation (and therefore the network's customers by extension), but can you explain how it would otherwise effect that network's peers? If a network decides to use any specific technology as the basis of its routing architecture (e.g. route reflectors, an out of band ATM network, etc.) and that technology then fails, is compromised or abused, then the network's peers will be impacted in a very similar manner. I am again left trying to understand how the use of RPKI technology for route assurance affects the networks of those who don't use it (other than in the normal manner that all the routing technology is relied on) Thanks! /John