ARIN / RIR Pragmatism (WAS: Re: RADB)

Danny McPherson danny at tcb.net
Thu Oct 23 21:13:15 UTC 2014


On 2014-10-23 15:02, Sandra Murphy wrote:
>> IRR usage, training, tools, and better hygiene, perhaps expressly 
>> validated from resource certification from either RPKI
>
> You might be interested in the draft-ietf-sidr-rpsl-sig-05.txt, which
> suggests using RPKI to protect RPSL objects.

Yep, I'm aware of that and think that's a really useful thing if RPKI 
is the resource certification infrastructure we must use.

> That would help solve the trust problem in the current IRR world,
> which is that most IRRs can't tell if the object being registered is
> authorized.  RIPE and, I think, APNIC being the exception, for their
> region resources.  Lots of proxy registered objects aren't a good
> sign.

Agreed!

That said, if people are still having issues with IRRs and lack of 
training, toolsets, and usability around them today and after deploying 
RPKI they still need IRRs (and whois, and in-addr.arpa, and..) for a 
whole bunch of stuff just to keep the packets flowing then the height 
limit to do basic and useful things just became that much higher, and 
requires a lot more care and feeding then before RPKI (even absent all 
the architectural aspects of RPKI that are "interesting").

-danny




More information about the NANOG mailing list