RPKI and Trust Anchor question
marcelplug at gmail.com
Wed Aug 7 02:53:48 UTC 2013
Thanks for your detailed response, John. Further comments inline.
On Mon, Aug 5, 2013 at 9:58 PM, John Curran <jcurran at arin.net> wrote:
> So, Marcel, please allow me to turn the question around... Do you
> believe that there should be an RPKI Global Trust Anchor?
> Are you concerned about the potential aggregation of control and
> risk that may result? (Feel free to answer me privately if you
> would prefer.)
Having a single root seems like the right way to go. There will always be
the threat (real or imagined) of outside interference. For that reason I'm
sure there will be a small droid army of independent systems monitoring and
studying every change the Global Trust Anchor makes - ready to sound the
alarm. It's probably easier to keep an eye on one trust anchor than it is
to monitor 5 of them.
All the other arguments I've heard are in favour of a one-TA system so I
won't repeat them.
> At the point in time when we understand the technical architecture
> being proposed and its implications, we will formally poll the ARIN
> and NANOG community on the question of whether there is support for
> having an RPKI Global Trust Anchor. My best estimate is that this
> will occur near the end of this year, but there's nothing wrong with
> having some discussion in the meantime if the mailing list is otherwise
> quiet. :-)
> I hope this provides some insight - thank you for asking about it,
> as it has been too long since any status update on this project
> (I will work on that as well for the very near future.)
As I said, thanks for the update.
> John Curran
> President and CEO
More information about the NANOG