Reaching out to ARIN members about their RPKI INVALID prefixes

Owen DeLong owen at delong.com
Tue Sep 18 17:23:42 UTC 2018


Personally, since all RPKI accomplishes is providing a cryptographically signed notation of origin ASNs that hijackers should prepend to their announcements in order to create an aura of credibility, I think we should stop throwing resources down this rathole.

Owen


> On Sep 18, 2018, at 4:56 AM, nusenu <nusenu-lists at riseup.net> wrote:
> 
> Dear NANOG,
> 
> when I approached ARIN about how they feel about reaching out to their members about
> prefixes that are unreachable in a route origin validation (ROV) environment,
> John Curran (CEO ARIN) referred me to you (see email bellow - quoted with permission).
> 
> The question I asked ARIN was specifically:
>> Would you be open to reach out to your affected members to inform them about
>> their affected IP prefixes?
> 
> John Curran (CEO ARIN) wrote:
>> If there is evidence of community
>> Interest, then ARIN can conduct a community consultation to determine
>> our best role in this area, but you first should encourage discussion
>> within the network operator community at appropriate forums.
> 
> So here is my question to the network operator community in the ARIN region to
> gather if there are any (dis)agreements/opinions about such a notification by ARIN:
> 
> What do you think about the idea that ARIN actively informs their affected members
> about prefixes that are unreachable in an RPKI ROV environment?
> 
> The goal of that outreach/notification would be 
> - to reduce the number of broken legacy ROAs from the past
> - reduce the negative impact on reachability of affected members.
> 
> looking forward to receiving your feedback!
> 
> kind regards,
> nusenu
> 
> 
> 
> 
> [1] https://medium.com/@nusenu/towards-cleaning-up-rpki-invalids-d69b03ab8a8c
> 
> John Curran wrote:
>> Subject: Reaching out to ARIN members about their RPKI INVALID prefixes
>> 
>> Nusenu -
>> 
>> Thank you for writing us - the project (and Medium post on same) are
>> quite interesting.
>> 
>> I think you’ve got several options for pursuing your objectives,
>> including –
>> 
>> 1) Reaching out to parties that already track and report on Internet
>> routing hygiene (e.g. Geoff Huston at http://bgp.potaroo.net, the
>> RPKI validator team at RIPE, the NIST RPKI Deployment monitor -
>> https://rpki-monitor.antd.nist.gov) to see if of them would like to
>> report on this information and/or contact those with invalids)
>> 
>> 2) Raising the issue in the ARIN region via the NANOG operator forum
>> - this would make an excellent lightening talk for you (or someone
>> else familiar with it already attending) to speak about at the
>> upcoming NANOG Vancouver meeting.  If there is evidence of community
>> Interest, then ARIN can conduct a community consultation to determine
>> our best role in this area, but you first should encourage discussion
>> within the network operator community at appropriate forums.  It is
>> not appropriate for ARIN staff to be proposing this additional role
>> for the organization, as we within the ARIN staff follow community
>> direction rather than set it.
>> 
>> Thanks! /John
>> 
>> John Curran President and CEO ARIN
>> 
> 
> 
> 
> -- 
> https://twitter.com/nusenu_
> https://mastodon.social/@nusenu
> 



More information about the NANOG mailing list