cross-registry interactions was Re: BGP ... & PKI...

Edward Lewis Ed.Lewis at neustar.biz
Wed Dec 7 15:18:01 UTC 2005


At 17:06 -1000 11/23/05, Randy Bush wrote:

>i have been whining about the problems of cross-registry operation
>for over a decade, formally, informally, presos, ...  i have had it
>on every rir's meeting agenda (except lacnic) for many years.  do i
>need to iterate for every sort of service the registries provide?

Sometimes I think you are right about this and sometimes I think you 
are wrong about this.  It just may be that you are thinking only 
about the "right" half, but "operation" of the registry to some means 
the policy process too.

Where I see this as "wrong" is: There are five distinct RIRs for a 
reason, to be attuned to local needs.  The domain name industry has 
one "RIR" asserting authority and we see the political fallout of 
that.  Having the five RIRs locked together would certainly benefit 
(usually the larger) organizations that deal across RIR boundaries, 
most likely (and I say that without certainty or accusation) to the 
detriment of smaller organizations tuned to the needs within one RIR.

I think it's very important that we keep the policy processes - the 
decision making part, and even discussion - separate.  Yes, that 
means it takes a long time to get a "global" (effectively, one 
involving IANA) policy through.

On the other hand, you are "right" when it comes to the technical 
services rendered and the interfaces used.  That's because the use of 
the data is global, no doubt about that.  A student sending mail from 
Africa to Asia will traverse two or three RIR area networks, just to 
show how 1 consumer can cause a cross-RIR event.

One of the dynamics I see happening now is that the RIRs are 
independently developing some advanced services.  RIPE into DNSSEC, 
APNIC into certificates, LACNIC into IRIS and unifying the RIR WhoIs 
data.  These advancements happen locally much faster than globally, 
as is true with any innovation. "Failed" attempts at advancement will 
be easier to recover from too.  Eventually we want these services to 
be global, but in development I expect differences.

>we are the registries' customers.  many of us, especially the ones
>who pay the registries the most, have to deal with multiple
>registries.  can the registries please get over the inter-registry
>rivalry and make life more reasonable for us, the paying members?

Keep in mind that the RIRs were originally cobbled together out of 
different cloth.  Unifying the service interface will take an 
investment in doing that.  This is why I have made comments at ARIN 
meetings about providing technical input to ARIN - trying to define a 
way to have the community, or even just the membership, inform ARIN 
on what service interfaces we would like to see in an open, 
reviewable arena.  ARIN has this for policies, but the path towards 
service upgrades is not as well defined.

It's one thing to lay heat at the feet of organizations, it's another 
to make clear the reason for the heat.

>where as before i was merely inclined, this has just made me an
>extremely strong proponent of the isp web of trust identity model.

The upside of this is that it directly addresses the routing problem 
- ISPs get to determine who they trust for the data they rely on.  On 
the other hand, ultimately a web of trust has to be fair to newcomers, 
not rely on superficial "popularity", and obviously be scaleable.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

3 months to the next trip.  I guess it's finally time to settle down and
find a grocery store.


