[arin-announce] ARIN Resource Certification Update

Jeff Wheeler jsw at inconcepts.biz
Sun Jan 30 18:37:30 CST 2011

On Sun, Jan 30, 2011 at 12:40 PM, Owen DeLong <owen at delong.com> wrote:
> Because they publish data you have signed. They don't have the ability
> to modify the data and then sign that modification as if they were you if
> they aren't holding the private key. If they are holding the private key,
> then, you have, in essence, given them power of attorney to administer
> your network.
> If you're OK with that, more power to you. It's not the trust model I would
> prefer.

I suspect that many users would prefer to trust ARIN with their
private keys, if offered that choice.  The reasons are simple;
adoption will be more wide-spread if RPKI is easier to do; and as we
all know, there are an awful lot of BGP networks which are:
* on auto-pilot, with no clued in-house staff and no stable
relationships with outside clue
* driven by people who are somewhere between totally clueless and
capable of understanding public-key encryption
* driven by over-worked people who simply don't have time for another
to-do of any complexity

Many users would benefit from the kind of hosted service that is made
available by, for example, RIPE.  In fact, if they felt they could
trust ARIN (or any alternative service which may exist), most of my
clients would be perfectly fine with such a service, and I would not
advise them to do otherwise without a valid business reason and a
belief that equal or superior security would be provided by not using
such a hosted service.  Since ARIN holds ultimate authority over the
ISP's address space anyway, if ARIN's private keys become compromised,
whether or not you held onto your own keys will not matter to the rest
of the world.

If I understand correctly, John has expressed that ARIN's concern is
they may be sued if their hosted service fails to perform, and that
ordinary contractual language may be unable to limit damages if the
reality is that the service-customer has no other choice but to use
the ARIN service.  This is clearly not a legitimate concern if there
is an alternative to such an ARIN hosted service, such as using no
hosted service at all, or the possibility of using another one.

I don't see how the lack of ARIN providing a hosted service
immediately in any way prevents them from doing so in the future.  If
widespread RPKI adoption doesn't happen and a few more accidental or
intentional YouTube black-holes do happen, it seems likely that
stakeholders will encourage ARIN to do more, and a hosted service
would be an obvious step to increase adoption.

As you know, my comfort level with ARIN handling tasks of an
operational nature is not high; but if they are going to participate
in RPKI in any way, I think they should be capable of performing
similarly to RIPE.  If not, we should be asking ourselves either 1)
why would anyone trust RIPE with their keys; or 2) why is RIPE more
trustworthy than ARIN?

If the answer to that is RIPE is significantly more competent than
ARIN (most folks I know are of this belief) then this discussion
should not be about one technical effort.  Instead, it should be about
how to make ARIN better.

Jeff S Wheeler <jsw at inconcepts.biz>
Sr Network Operator  /  Innovative Network Concepts

More information about the NANOG mailing list