On Thu, Jun 06, 2024 at 05:52:50AM +0200, Marco d'Itri wrote:
> We are aware of this, but it is not relevant because as you noted there are still ~50% of prefixes which are not protected by RPKI.

It's amusing RPKI deployment never is enough. When we were at 5% people said it wasn't relevant, when we were at 10% it wasn't relevant, now we are at 50% (with 70% of IP traffic being forwarded to RPKI-valid destinations!) and it's still not relevant?

> As long as non-authoritative IRRs are used then it will be possible to hijack both allocated and unallocated IP space by creating bogus route/route6 objects.

For allocated: you can simply use IRRDv4's route object preference feature. And, for both allocated and unallocated IP space: if neither the RPKI nor the RIR-managed IRRDBs contain any information about a given prefix, the non-RIR managed database could be the right information. This is the case especially for legacy space.

> You point out some issues with the IANA official registries, but I am not sure why this would be relevant. My analysis only used networks.csv from ARIN to determine which networks are "ARIN legacy", which is what matters here: networks which CANNOT be registered in an authoritative IRR.

Well, the draft proposal starts with a whole paragraph about IANA managing all IP space; and I think one can easily challenge this specific characterization of the current state of affairs.

Kind regards,

Job