Jeff Wheeler jsw at
Sun Jan 9 01:09:41 CST 2011

On Sat, Jan 8, 2011 at 10:23 PM, Randy Bush <randy at> wrote:
> but, unlike the other regions, the arin.irr is not confuddled with the
> arin.whois.  i.e. it is kind of irrelevant to the authority on resource
> ownership, arin's real responsibility.

I certainly agree with this, and I am admittedly ignorant of the
history here, but I don't understand why ARIN is operating an IRR that
is very much insecure, instead of just not operating one at all.

> they are just providing a free irr service, as it is the popular thing
> for rirs to do these years.  and i don't think many use it.  if you

In terms of database size, excluding RIPE, the ARIN IRR is the 8th
largest, ahead of ALTDB and about 10% as large as Level3, the second
largest IRR database (except RIPE.)  A mass-corruption of the ARIN IRR
overnight might be a serious incident causing service impact to a
large number of users and businesses, and cause probably thousands of
people to be got out of bed in the middle of the night, but clearly it
would not be a total disaster.

No one is forced to use ARIN IRR, but it's worth asking the question:
why is ARIN a trustworthy steward of RPKI infrastructure if their IRR
is a serious liability to The Internet because of a simple issue like
not supporting password or PGP authentication?  Is this the reason
ARIN is spending time consulting their lawyers?

Jeff S Wheeler <jsw at>
Sr Network Operator  /  Innovative Network Concepts

More information about the NANOG mailing list