On Wed, May 5, 2021 at 10:49 AM Randy Bush <randy@xxxxxxx> wrote:
> the web pki is not associated with ip address space control/ownership.
> web pki is based on control of domain name space. the two are quite
> unrelated.
note that the rpsl, the inetnum: objects, are not well secured and
authenticated. this is a bit embarrassing. and, in some regions,
the lack of authentication is notorious.
Okay, now we're getting somewhere. Do you say this because RPKI is not employed universally, or because the inetnum: objects are somehow not covered by RPKI?
hence the hack to use the well-authenticated rpki to sign those data
covered by it for those concerned with real authenticity.
How does a client know that an IP range specified in the geodata feed is valid under a given RPKI signature? I.e., that the given AS has authority over that IP range?
Kyle
-- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
