[arin-announce] ARIN Resource Certification Update

Paul Vixie vixie at isc.org
Sun Jan 30 21:25:28 CST 2011

> From: Alex Band <alexb at ripe.net>
> Date: Sun, 30 Jan 2011 11:39:36 +0100
> I think my question is very pertinent. Of course the number of signed
> prefixes directly influences the number of validators. Do you think
> the RIPE NCC Validator tool would have been downloaded over 100 times
> in the last month if there were only 5 certified prefixes?

i think we may be talking past each other.  the number of production
validators will be unrelated to any difference between "prefixes signed
because signing is easy" and "prefixes signed because operators are
willing to do something hard."  the operators who will sign even if it's
hard (for example, deploying up/down) and also the operators who will
only do it if it's easy (for example, hosted at an RIR) will each not
care how many production validators there are at that moment -- their
decision will be made on some other basis.

> Practically, in the real world, why would anyone invest time and
> effort in altering their current BGP decision making process to
> accommodate for resource certification if the technology is on
> nobody's radar, it's hard to get your feet wet and there are just a
> handful of certified prefixes out there. Wouldn't it be good if
> network operators think: "Because it helps increase global routing
> security, it's easy to get started and lots of people are already
> involved, perhaps I should have a look at (both sides of) resource
> certification too."

the reasoning you're describing is what we had in mind when we built DLV
as an early deployment aid for DNSSEC.  we had to "break stiction" where
if there were no validators there would be incentive to sign, and if
there were no signatures there would be no incentive to validate.  are
you likewise proposing the hosted solution only as an early deployment
aid?  i'm really quite curious as to whether you'll continue operating
an RPKI hosting capability even if it becomes unnec'y (as proved some
day if many operators of all sizes demonstrate capability for up/down).
if so, can you share the reasoning behind that business decision?

i know it sounds like i'm arguing against a hosted solution, but i'm
not.  i'm just saying that network operators are going to make business
decisions (comparing cost and risk to benefit) as to whether to sign and
whether to validate, and RIR's are going to make business decisions
(comparing cost and risk to benefit) as to what provisioning mode to
offer, and i don't plan to try to tell any network operators to sign or
validate based on my own criteria, nor do i plan to try to tell any RIR
that they should host or do up/down based on my own criteria.  it's
their own criteria that matters.  let's just get the best starting
conditions we can get, and then expect that everybody will make the best
decision they can make based on those conditions.

at ISC i have been extremely interested in participating in RPKI
development and i think that sra and randy (and the whole RPKI team
inside IETF and among the RIRs) have done great work improving the
starting conditions for anyone who has to make a business decision of
whether to deploy and if so what mode to deploy in.  on the ARIN BoT i
have likewise been very interested in and supportive of RPKI and i'm
happy to repeat john curran's words which were, ARIN is looking at the
risks and benefits of various RPKI deployment scenarios, and we expect
to do more public and member outreach and consultation at our upcoming
meeting in san juan PR.

Paul Vixie
Chairman and Chief Scientist, ISC
Member, ARIN BoT


> > i don't agree that that question is pertinent.  in deployment scenario
> > planning i've come up with three alternatives and this question is not
> > relevant to any of them.  perhaps you know a fourth alternative.  here
> > are mine.
> > 
> > 1. people who receive routes will prefer signed vs. unsigned, and other
> > people who can sign routes will sign them if it's easy (for example,
> > hosted) but not if it's too hard (for example, up/down).
> > 
> > 2. same as #1 except people who really care about their routes (like
> > banks or asp's) will sign them even if it is hard (for example, up/down).
> > 
> > 3. people who receive routes will ignore any unsigned routes they hear,
> > and everyone who can sign routes will sign them no matter how hard it is.
> > 
> > i do not expect to live long enough to see #3.  the difference between #1
> > and #2 depends on the number of validators not the number of signed routes
> > (since it's an incentive question).  therefore small differences in the
> > size of the set of signed routes does not matter very much in 2011, and
> > the risk:benefit profile of hosted vs. up/down still matters far more.
> > ...

More information about the NANOG mailing list