cross-registry interactions was Re: BGP ... & PKI...
Edward Lewis
Ed.Lewis at neustar.biz
Wed Dec 7 15:18:01 UTC 2005
At 17:06 -1000 11/23/05, Randy Bush wrote:
>i have been whining about the problems of cross-registry operation
>for over a decade, formally, informally, presos, ... i have had it
>on every rir's meeting agenda (except lacnic) for many years. do i
>need to iterate for every ort of service the registries provide?
Sometimes I think you are right about this and sometimes I think you
are wrong about this. It just may be that you are thinking only
about the "right" half, but "operation" of the registry to some means
the policy process too.
Where I see this as "wrong" is: There are five distinct RIRs for a
reason, to be attuned to local needs. The domain name industry has
one "RIR" asserting authority and we see the political fallout of
that. Having the five RIRs locked together would certainly benefit
(usually the larger) organizations that deal across RIR boundaries,
most likely (and I say that without certainty or accusation) to the
detriment of smaller organizations tuned to the needs within one RIR.
I think it's very important that we keep the policy processes - the
decision making part, and even discussion - separate. Yes, that
means it takes a long time to get a "global" (effectively, one
involving IANA) policy through.
On the other hand, you are "right" when it comes to the technical
services rendered and the interfaces used. That's because the use of
the data is global, no doubt about that. A student sending mail from
Africa to Asia will traverse two or three RIR area networks, just to
show how 1 consumer can cause a cross-RIR event.
One of the dynamics I see happening now is that the RIRs are
independently developing some advanced services. RIPE into DNSSEC,
APNIC into certificates, LACNIC into IRIS and unifying the RIR WhoIs
data. These advancements happen locally much faster than globally,
as is true with any innovation. "Failed" attempts at advancement will
be easier to recover from too. Eventually we want these services to
be global, but in development I expect differences.
>we are the registries' customers. many of us, especially the ones
>who pay the registries the most, have to deal with multiple
>registries. can the registries please get over the inter-registry
>rivalry and make life more reasonable for us, the paying members?
Keep in mind that the RIRs were originally cobbled together out of
different cloth. Unifying the service interface will take an
investment in doing that. This is why I have made comments at ARIN
meetings about providing technical input to ARIN - trying to define a
way to have the community, or even just the membership, inform ARIN
on what service interfaces we would like to see in an open,
reviewable arena. ARIN has this for policies, but the path towards
service upgrades is not as well defined.
It's one thing to lay heat at the feet of organizations, it's another
to make clear the reason for the heat.
>where as before i was merely inclined, this has just made me an
>extremely strong proponent of the isp web of trust identity model.
The upside of this is that it directly addresses the routing problem
- ISPs get to determine who they trust for the data they rely on. On
the other hand, ultimately a web of trust has to fair to newcomers,
not rely on superficial "popularity", and obviously scaleable.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-571-434-5468
NeuStar
3 months to the next trip. I guess it's finally time to settle down and
find a grocery store.
More information about the NANOG
mailing list