randy at psg.com
Sat Jan 8 00:47:51 CST 2011
[ caveat: i am *one of* the architects of all this, and am paid to work
on it, currently (indirectly) by the usg dhs. ]
for background, the other four rirs have rolled rpki out in the last
weeks, apnic and afrinic with the up/down protocol, ripe web only, and i
am not well informed about lacnic's roll out. for the geeky, i append
the trust anchor locators for all but afrinic (i'll try to get that).
> even if i thought that the operational impact could be felt in these
> early days when rpki remains an almost completely nonproduction
> service, and i don't think this by the way, i would still say that an
> internal review of a new service is not really something the whole
> community cares about.
well yes and no. it was important enough that (i have been told) john
announced it on major arin mailing list(s). and, as we all know, when
info is not openly visible, it gets warped in transmission. hence the
(i think you are saying) incorrect impression out here that the bot is
questioning rpki roll-out in general.
more recent rumors, and john's posting here, seem to indicate that
  o arin's lawyer, who actually seems to run arin, has created massive
    fud about liability.
  o so arin management is seriously reconsidering a web-only roll-out
    and seriously considering prioritizing being able to delegate the
    authority to the large isps by implementing the up/down protocol
    (draft-ietf-sidr-rescerts-provisioning-09.txt). i am a big fan of
    up/down. i am not a big fan of delay.
first, it would really help if the arin bot and management were much
more open about these issues and decisions. at the detailed level. we
are all not fools out here, present company excepted :). for a radical
example, considering that arin is managing a public resource for the
community, why are bot meetings not streamed a la cspan?
i do not see how you are going to get rid of the liability. you have it
now in whois/irr if i use it for routing (except they are so widely known
to be bad data that the world knows i would be a fool to bet on them).
whether the source of a roa is a user whacking on an arin web page or by
other means, you still attested to the rights to that address space.
but all this is based on inference and rumor. can you please be more
open and direct about this? thanks.
More information about the NANOG