[routing-wg] RPKI vulnerable?
- Previous message (by thread): [routing-wg] RPKI vulnerable?
- Next message (by thread): [routing-wg] RPKI vulnerable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Warren Kumari
warren at kumari.net
Fri Feb 18 16:02:26 CET 2022
On Fri, Feb 18, 2022 at 4:09 AM Job Snijders via routing-wg < routing-wg at ripe.net> wrote: > Hi all, > > It might be the case that the vulnerability is in the realm of > disagreement with some design choices of the past, rather than a > traditional CVE hole in one or more software packages. > I'd certainly hope that it isn't that you can just spoof the valid origin AS... I recently had someone come to me with this *shocking* discovery and ask about how to disclose it. This was the same person who alerted me to the also *shocking* discovery that longest-match wins, and so just twiddling local-pref doesn't save you. W > I found the following paper which touches upon the “assumed trust” aspect > of RPKI in the relationship between Relaying Party and Trust Anchor(s). > > > https://www.researchgate.net/publication/349045074_Privacy_Preserving_and_Resilient_RPKI > > I’m very interested in discussion about cross-signing schemes. > > Kind regards, > > Job > -- > > To unsubscribe from this mailing list, get a password reminder, or change > your subscription options, please visit: > https://lists.ripe.net/mailman/listinfo/routing-wg > -- Perhaps they really do strive for incomprehensibility in their specs. After all, when the liturgy was in Latin, the laity knew their place. -- Michael Padlipsky -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/routing-wg/attachments/20220218/1d261950/attachment.html>
- Previous message (by thread): [routing-wg] RPKI vulnerable?
- Next message (by thread): [routing-wg] RPKI vulnerable?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]