Di Ma wrote:
The RPKI itself does not necessarily indicates signing BGP messages.
...
Given the BGPSEC deployment and application is more complicated and might have a long to way to go overwhelming, I would suggest the RSOs work with RIR to publish their ROAs as they employ the RPKI “as a potential way to assure route origin authenticity in the future” .
all rpki use today is prospective. it relies on people publishing ROAs even knowing that there's no benefit (nobody is rejecting unsigned routes or even preferring signed over unsigned paths) and some cost (as people begin to actually verify, both the verification and the signing will at first be fragile and error-prone). i am likely to participate in this prospective rpki activity, personally, because as with ipv6 and dnssec, there is a significant last-mover advantage, which means somebody has to go first when it still makes no sense, and that's what i always do. i do not however agree that the RSO's ought to participate in this road-paving exercise. they should sign when it makes actual sense on that day for them to sign -- not to enable some idealized future. -- P Vixie