jsw at inconcepts.biz
Sun Jan 9 01:09:41 CST 2011
On Sat, Jan 8, 2011 at 10:23 PM, Randy Bush <randy at psg.com> wrote:
> but, unlike the other regions, the arin.irr is not confuddled with the
> arin.whois. i.e. it is kind of irrelevant to the authority on resource
> ownership, arin's real responsibility.
I certainly agree with this, and I am admittedly ignorant of the
history here, but I don't understand why ARIN is operating an IRR that
is very much insecure, instead of just not operating one at all.
> they are just providing a free irr service, as it is the popular thing
> for rirs to do these years. and i don't think many use it. if you
In terms of database size, excluding RIPE, the ARIN IRR is the 8th
largest, ahead of ALTDB and about 10% as large as Level3, the second
largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR
overnight might be a serious incident causing service impact to a
large number of users and businesses, and cause probably thousands of
people to be got out of bed in the middle of the night, but clearly it
would not be a total disaster.
No one is forced to use ARIN IRR, but it's worth asking the question:
why is ARIN a trustworthy steward of RPKI infrastructure if their IRR
is a serious liability to The Internet because of a simple issue like
not supporting password or PGP authentication? Is this the reason
ARIN is spending time consulting their lawyers?
Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
More information about the NANOG