| ▲ | hugo1789 4 hours ago | |
I think RPKI is good enough. As we have TLS on top it doesn't need to be perfect. | ||
| ▲ | maltalex 3 hours ago | parent | next [-] | |
Only with certificate pinning or something similar. Otherwise, the attacker can get valid TLS certificates for any domain hosted on the hijacked IP addresses. | ||
| ▲ | rot256 3 hours ago | parent | prev | next [-] | |
For LetsEncrypt, routing is authentication: if packets routed to the IP in the A record end up at your place, you can get a cert for that domain. | ||
| ▲ | zymhan 2 hours ago | parent | prev [-] | |
Those two things address orthogonal issues | ||