ARIN RPKI TAL deployment issues

Tue Sep 25 20:14:11 UTC 2018

Sounds reasonable to me but IANAL, nor an RIR, nor an IXP.

IXPs however do seem to be the sites of some number of recent
mis-originations (putting it as charitably as possible).

Let's try and make it harder for bad actors to do their mischief.

Thanks,
Tony

On Tue, Sep 25, 2018 at 3:36 PM Job Snijders <job at ntt.net> wrote:

> On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> > On Sep 25, 2018, at 1:30 PM, Job Snijders <job at ntt.net> wrote:
> > >
> > >    """Using the data, we can also see that the providers that have not
> > >    downloaded the ARIN TAL. Either because they were not aware that
> > >    they needed to, or could not agree to the agreement they have with
> > >    it.
> >
> > Is it possible to ascertain how many of those who have not downloaded
> > the ARIN TAL are also publishing ROA’s via RIPE’s CA?
>
> I'm sure we could extend the data set to figure this out. But given the
> assymmetric relation between applying Origin Validation based on RPKI
> data and publishing ROAs, the number will be between 0% and 100% and
> over time may go up or down. So, out of curiosity, what is your
> underlaying question?
>
> (An example: a route server operator generally doesn't originate any BGP
> announcements themselves, but route servers are in an ideal position to
> perform RPKI based BGP Origin Validation.)
>
> What I'm hoping for is that there is a way for the ARIN TAL to be
> included in software distributions, without compromising ARIN's legal
> position.
>
> Perhaps an exception for software distributors would already go a long
> way?
>
>     "You can include the ARIN TAL in your software distribution as long
>     as you also include an unmodified copy of the
>     https://www.arin.net/resources/rpki/rpa.pdf file alongside it."
>
> Kind regards,
>
> Job
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180925/abde15ec/attachment.html>