[arin-ppml] implementing RPKI prefix validation actually increases risk

Job Snijders job at fastly.com
Tue Jun 6 17:31:42 EDT 2023


On Tue, Jun 06, 2023 at 05:22:26PM -0400, John Santos wrote:
> BTW: RPKI appears to be a total mess: according to
> <https://blog.apnic.net/2021/03/15/which-rpki-related-rfcs-should-you-read/>,
> there are 40 different RFCs relating to RPKI!  Yikes!

Describing the RPKI as a 'total mess' certainly is one way of looking at
it; another perspective is that the RPKI is a multi-decade cumulative
project to which hundreds of people contributed significant portions of
their life for the betterment of Internet routing (including many ARIN
staff!). RPKI-ROV has prevented countless misconfigurations and hijacks.

A recent and welcome trend in the development of RPKI RFCs is that newer
RFCs tend to be more thoroughly specified, are based on actual properly
tested running code, informed by scientific peer-reviewed research, and
oftentimes are simplifications or clarifications of earlier RPKI RFCs.

For comparison: check out the state of DNS ;-) https://powerdns.org/dns-camel/

I sent this message with a smile and a wink; I won't deny the RPKI
indeed is a complicated technology with many moving parts. Many people
are working hard to keep the complexity manageable.

Kind regards,

Job


