ARIN RPKI TAL deployment issues
ttauber at 1-4-5.net
Tue Sep 25 20:14:11 UTC 2018
Sounds reasonable to me but IANAL, nor an RIR, nor an IXP.
IXPs however do seem to be the sites of some number of recent
mis-originations (putting it as charitably as possible).
Let's try and make it harder for bad actors to do their mischief.
On Tue, Sep 25, 2018 at 3:36 PM Job Snijders <job at ntt.net> wrote:
> On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> > On Sep 25, 2018, at 1:30 PM, Job Snijders <job at ntt.net> wrote:
> > >
> > > """Using the data, we can also see that the providers that have not
> > > downloaded the ARIN TAL. Either because they were not aware that
> > > they needed to, or could not agree to the agreement they have with
> > > it.
> > Is it possible to ascertain how many of those who have not downloaded
> > the ARIN TAL are also publishing ROA’s via RIPE’s CA?
> I'm sure we could extend the data set to figure this out. But given the
> assymmetric relation between applying Origin Validation based on RPKI
> data and publishing ROAs, the number will be between 0% and 100% and
> over time may go up or down. So, out of curiosity, what is your
> underlaying question?
> (An example: a route server operator generally doesn't originate any BGP
> announcements themselves, but route servers are in an ideal position to
> perform RPKI based BGP Origin Validation.)
> What I'm hoping for is that there is a way for the ARIN TAL to be
> included in software distributions, without compromising ARIN's legal
> Perhaps an exception for software distributors would already go a long
> "You can include the ARIN TAL in your software distribution as long
> as you also include an unmodified copy of the
> https://www.arin.net/resources/rpki/rpa.pdf file alongside it."
> Kind regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG