constraining RPKI Trust Anchors

• Previous message (by thread): constraining RPKI Trust Anchors
• Next message (by thread): constraining RPKI Trust Anchors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Isn’t this sort of related to the AS-0 ROA effort a while back (except some of the RIRs rejected it, unfortunately)?

I suspect that the same reasons behind rejection of AS-0 will also apply to RIR implementation of something like this, so plans to address that (and revive AS-0 perhaps) might also be a worthy effort.

Owen


> On Oct 11, 2023, at 01:01, Martin Pels <martin+nanog at rodecker.nl> wrote:
> 
> Hi Job,
> 
> I think this is important work.
> 
> As you indicated in your mail you have spent quite some time compiling the constraints files in the appendix. Keeping them up to date requires tracking allocations and policy developments in all RIRs. It reminds me of bogon filters for unallocated IP space, and the associated problems of networks not updating them[0].
> 
> So while each RP should be able to make policy decisions based on its own local criteria, managing a default set of constraints is something that is best done centralized. Who do you envision should manage these lists? RP software maintainers? RIRs? Others?
> 
> [0] https://archive.nanog.org/meetings/nanog33/presentations/deitrich.pdf, slide 4
> 
> Kind regards,
> Martin

• Previous message (by thread): constraining RPKI Trust Anchors
• Next message (by thread): constraining RPKI Trust Anchors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]