AltDB?

Randy Bush randy at psg.com
Sat Jan 8 00:47:51 CST 2011


[ caveat: i am *one of* the architects of all this, and am paid to work
  on it, currently (indirectly) by the usg dhs. ]

for background, the other four rirs have rolled rpki out in the last
weeks, apnic and afrinic with the up/down protocol, ripe web only, and i
am not well informed about lacnic's roll out.  for the geeky, i append
the trust anchor locators for all but afrinic (i'll try to get that).

> even if i thought that the operational impact could be felt in these
> early days when rpki remains an almost completely nonproduction
> service, and i don't think this by the way, i would still say that an
> internal review of a new service is not really something the whole
> community cares about.

well yes and no.  it was important enough that (i have been told) john
announced it on major arin mailing list(s).  and, as we all know, when
info is not openly visible, it gets warped in transmission.  hence the
(i think you are saying) incorrect impression out here that the bot is
questioning rpki roll-out in general.

more recent rumors, and john's posting here, seem to indicate that

  o arin's lawyer, who actually seems to run arin, has created massive
    fud about liability.

  o so arin management is seriously reconsidering a web-only roll-out
    and seriously considering prioritizing being able to delegate the
    authority to the large isps by implementing the up/down protocol
    (draft-ietf-sidr-rescerts-provisioning-09.txt).  i am a big fan of
    up/down.  i am not a big fan of delay.

first, it would really help if the arin bot and management were much
more open about these issues and decisions.  at the detailed level.  we
are all not fools out here, present company excepted :).  for a radical
example, considering that arin is managing a public resource for the
community, why are bot meetings not streamed a la cspan?

i do not see how you are going to get rid of the liability.  you have it
now in whois/irr if i use it for routing (except they are so widely known
to be bad data that the world knows i would be a fool to bet on them).
whether the source of a roa is a user whacking on an arin web page or by
other means, you still attested to the rights to that address space.

but all this is based on inference and rumor.  can you please be more
open and direct about this?  thanks.

randy

---

ripe-ncc-root.tal 
rsync://rpki.afrinic.net/repository/AfriNIC.cer
rsync://repository.lacnic.net/rpki/lacnic/RTA_LACNIC_RPKI.cer
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer



