Hacker News new | past | comments | ask | show | jobs | submit login
US Government Sets Out to Improve Internet Routing Security (infosecurity-magazine.com)
41 points by marsh_mellow 15 days ago | hide | past | favorite | 8 comments



Previously:

https://news.ycombinator.com/item?id=40487419

    Is regulated BGP security coming? (apnic.net)

    123 points by superkuh 3 months ago | hide | past | favorite | 118 comments



https://blog.cloudflare.com/white-house-routing-security/

> Unfortunately, the US is lagging behind: Only 39% of IP prefixes originated by US networks have a valid ROA


It would be helpful if ROAs were allowed for legacy prefixes, without having to sign an RSA or other agreement w/ARIN. I have a /24 ("class C" from the 90's) that I route. I have hesitant to start pay for something I got for free. I think many organizations that were on the early Internet are also in a similar position.


We're in the same boat. We have two /24 (/23) that we advertise through our ISP(s) and we've been hesitant to sign an LSA/RSA because it seems to put us in a position where we may be held to standard and fees that we weren't previously held to.

If there was an easy and straightforward path to onboarding that would go a long way, but every time we look into it the process seems convoluted and unclear with too many options and potential foot guns.


Yep, I have also looked into it and agree it is confusing. I own this /24 as an individual and use it for hobbyist purposes, so try to keep expenses to a minimum. I got my ASN through a RIPE LIR, so it is separate from my ARIN legacy account. My understanding is I could transfer the /24 to RIPE but haven't looked into that much.


How hard/cumbersome is it for a individual/small group to implement RPKI for their ASN? I'm guessing it would involve some sort of collaboration with your LIR?


in Europe, it is like few clicks in RIPE web portal. (I mean to generate and publish own RPKI records.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: