ARIN / RIR Pragmatism (WAS: Re: RADB)
Danny McPherson
danny at tcb.net
Sat Oct 25 15:23:45 UTC 2014
On 2014-10-25 06:57, Sandra Murphy wrote:
> Other RIR based RIRs have the same ability to protect prefixes in
> their realm of control. (See RFC 2725 RPSS)(*) (I think that APNIC
> is doing pretty much as RIPE is.)
>
> Even RIPE is not secure for prefixes outside their region. (There's
> one maintainer that anyone can use to register anything for resources
> outside the region - password publicly available, etc.)
>
> Non-RIR based IRRs do not have the ability to tie the register-er to
> authority for the resource, so they have no base on which to build
> the
> RIPE sort of security.
Those are fair points Sandy, I agree they need to be resolved.
It's just that RPKI feels like a _really heavy solution to _that
problem. That said, if that problem were solved nearly all of what I
care about with regard to routing security (and inter-domain
anti-spoofing) could be addressed.
-danny
More information about the NANOG
mailing list