ARIN RPKI TAL deployment issues

Job Snijders job at ntt.net
Tue Sep 25 19:34:51 UTC 2018


On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> On Sep 25, 2018, at 1:30 PM, Job Snijders <job at ntt.net> wrote:
> > 
> >    """Using the data, we can also see that the providers that have not
> >    downloaded the ARIN TAL. Either because they were not aware that
> >    they needed to, or could not agree to the agreement they have with
> >    it.
> 
> Is it possible to ascertain how many of those who have not downloaded
> the ARIN TAL are also publishing ROAs via RIPE’s CA?

I'm sure we could extend the data set to figure this out. But given the
asymmetric relation between applying Origin Validation based on RPKI
data and publishing ROAs, the number will be between 0% and 100% and
over time may go up or down. So, out of curiosity, what is your
underlying question?

(An example: a route server operator generally doesn't originate any BGP
announcements themselves, but route servers are in an ideal position to
perform RPKI based BGP Origin Validation.)

What I'm hoping for is that there is a way for the ARIN TAL to be
included in software distributions, without compromising ARIN's legal
position.

Perhaps an exception for software distributors would already go a long
way?

    "You can include the ARIN TAL in your software distribution as long
    as you also include an unmodified copy of the
    https://www.arin.net/resources/rpki/rpa.pdf file alongside it."

Kind regards,

Job


