RPKI and Trust Anchor question

Marcel Plug marcelplug at gmail.com
Wed Aug 7 02:53:48 UTC 2013

Thanks for your detailed response John.  Further comments inline.

On Mon, Aug 5, 2013 at 9:58 PM, John Curran <jcurran at arin.net> wrote:
>   So, Marcel, please allow me to turn the question around...  Do you
>   do you believe that there should be an RPKI Global Trust Anchor?
>   Are you concerned about the potential aggregation of control and
>   risk that may result? (Feel free to answer me privately if you
>   would prefer.)

Having a single root seems like the right way to go.  There will always be
the threat (real or imagined) of outside interference.  For that reason I'm
sure there will be a small droid army of independent systems monitoring and
studying every change the Global Trust Anchor makes - ready to sound the
alarm.  It's probably easier to keep an eye on one trust anchor than it is
to monitor 5 of them.

All the other arguments I've heard are in favour of a one-TA system so I
won't repeat them.

>   At the point in time when we understand the technical architecture
>   being proposed and its implications, we will formally poll the ARIN
>   and NANOG community on the question of whether there is support for
>   having an RPKI Global Trust Anchor.  My best estimate is that this
>   will occur near the end of this year, but there's nothing wrong with
>   having some discussion in the meantime if the mailing list is otherwise
>   quiet.  :-)
> I hope this provides some insight - thank you for asking about it,
> as it has been too long since any status update on this project
> (I will work on that as well for the very near future.)

As I said, thanks for the update.

> Thanks!
> /John
> John Curran
> President and CEO
> Marcel

More information about the NANOG mailing list