Paul Vixie vixie at
Sat Jan 8 02:11:13 CST 2011

> Date: Sat, 08 Jan 2011 15:47:51 +0900
> From: Randy Bush <randy at>
> ...
> more recent rumors, and john's posting here, seem to indicate that
> ...

even to the extent that i know what's really happened or happening, i'd
be loathe to comment on rumours.  i have high confidence in arin's board
and staff, and i believe that the right things are happening, even with
the delays.  "right things" as in what's best for the community and for
the internet industry in the arin service region.  as a strong proponent
of rpki and of all things like rpki that will strengthen infrastructure,
i remain delay-tolerant if review is the cost of getting it right.

> first, it would really help if the arin bot and management were much
> more open about these issues and decisions.  at the detailed level.  we
> are all not fools out here, present company excepted :).  for a radical
> example, considering that arin is managing a public resource for the
> community, why are bot meetings not streamed a la cspan?

can you cite some examples of nonprofit companies whose boards operate at
the level of transparency you're asking me to consider in this example?

the process of rolling out something like rpki involves some checks and
balances, it's no longer just a simple matter of the technical people "doing 
the right thing" even though i remember older times when that was the way
most things on the internet worked.

> i do not see how you are going to get rid of the liability.  you have it
> now in whois/irr if i use it for routing (except they are so widely known
> to be bad data that the world knows i would be a fool to bet on them).
> whether the source of a roa is a user whacking on an arin web page or by
> other means, you still attested to the rights to that address space.

my own belief here (not speaking for ARIN or for the ARIN BoT) is that the
folks who use IRR/whois data to build route filters have a confidence level
much lower than those who will use RPKI to do the same will have.  i know
that if i still had "enable" on anything other than my home router, that's
how i'd feel.  also, liability isn't just "got rid of" it's also documented
and risk-managed, and doing that may require some kind of internal review.

> but all this is based on inference and rumor.  can you please be more
> open and direct about this?  thanks.

i don't know.  john (speaking for ARIN) gave an excellent and complete answer
that i completely agree with.  you're repeating some rumours which i won't
comment on one way or the other.  if you have specific questions which were
not answered by john's response or which were raised by john's response you
should ask them.  saying "i heard a rumour, would anyone care to refute it?"
is not going to move the conversational line of scrimmage at all.


More information about the NANOG mailing list