my point is that right now authentication is mntner-based and
most access-list generation depends on an as-macro. so what's
to stop me from changing my as-macro to contain a few thousand
ASs and then config'ing my router to announce a zillion
prefixes? filtering as we know it today doesn't protect
against this .. the upstream provider would have to manually
intervene. even if the access-list generation depended on
as-in/as-out policy instead of just as-macros, and the tools
had some knowledge of what ASs were downstream to allow for
AS-path filtering as well as prefix-based, then i could still
just register zillions of prefixes with appropriate origins
and config my router to announce those zillions of prefixes
with appropriate AS-paths
all i'm saying is that parts of the system are fragile and
registries can't be viewed as a silver bullet
/jws