[ppml] /48 vs /32 micro allocations

[Paul Vixie]

> > If hijacking a /48 turns out to make folks more visible or easier to
> > track, why wouldn't they just hijack /32s instead?  There's lots and
> > lots of unused IPv6 space to pick from.
> 
> My point there was that a /32 represents a sizable address block,
> which if hijacked would presumably get a large number of folks' (and
> possibly service providers') attention, and might be a bit harder to
> get away with than ripping off something substantially smaller, like a
> /48.

i don't see it.  either the routing table is going to have enough things
in it to make isp and enterprise multihoming possible, which is to say
"hundreds of thousands," or the routing table is going to be for tier-1
and early adopters, which is to say "hundreds."  in the former case
another /32 won't be noticed.  in the latter, even a /48 would be
noticed.  without end to end bgp authentication, the routing table is
insecure, and block size isn't a factor.

> This is all in the context of the discussion thread on SPAM activity:
> a scam which benefits more from hijacking active blocks for sourcing
> forged mail, rather than unused ones.

without end to end bgp authentication, spammers will find "pink" ISP's
who will allow temporary injection of a route (probably never the same
one twice), spam like hell for about ten minutes, and then withdraw the
route before the "traceroute-bots" can do their work.  block size won't
be a factor other than that if it's a /48 it'll likely be inside some
existing /32 rather than standalone, just to be able to hide better.

block size is just not a factor.