[135818] in North American Network Operators' Group
Re: [arin-announce] ARIN Resource Certification Update
Sat Jan 29 11:36:42 2011
From: John Curran <jcurran@arin.net>
To: Alex Band <alexb@ripe.net>
Date: Sat, 29 Jan 2011 16:35:50 +0000
In-Reply-To: <FDFF6713-AB2E-4447-A58B-52CD36A6113A@ripe.net>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
On Jan 29, 2011, at 10:26 AM, Alex Band wrote:
> John,
>
> Thanks for the update. With regards to offering a hosted solution, as you know that is the only thing the RIPE NCC currently offers. We're developing support for the up/down protocol as I write this.

Alex - Yes, congrats on rolling out that offering! Also, I wish the folks at the very best on the up/down protocol work, since (as you're likely aware) ARIN is planning to leverage that effort in our up/down service development. :-)

> I realize a hosted solution is not ideal, we're very open about that. But at least in our region, it seems there are quite a number of organizations who understand and accept the security trade-off of not being the owner of the private key for their resource certificate and trust their RIR to run a properly secured and audited service. So the question is, if the RIPE NCC would have required everyone to run their own certification setup using the open source tool-sets Randy mentions, would there be this much certified address space now?

For many organizations, a hosted service offers the convenience that would make deployment likely. The challenge that ARIN faces isn't with respect to whether our community trusts us to run a properly secured and audited service, but the potential implied liability to ARIN if a party alleges that the hosted service performs incorrectly. It is rather challenging to show that a "relying party" is legally bound to the terms of service in a certificate practices statement, and this means that there are significant risks in offering the service (even with it performing perfectly), since much of the normal contractual protections are not available.

Imagine an organization that incorrectly enters its AS number during a ROA generation, and succeeds in taking itself off the air for a prolonged period. Depending on the damages the organization suffered as a result, it may want to claim that ARIN's Hosted RPKI system performed "incorrectly", as may those folks who were impacted by not being able to reach the organization. While ARIN's hosted system would be performing perfectly, the risk and costs to the organization in trying to defend against such (spurious) claims could be very serious. Ultimately, the ARIN Board needs to weigh such matters of benefit and risk in full against the mission and determine the appropriate direction.

> Looking at the depletion of IPv4 address space, it's going to be crucially important to have validatable proof who is the legitimate holder of Internet resources. I fear that by not offering a hosted certification solution, real world adoption rates will rival those of IPv6 and DNSSEC. Can the Internet community afford that?

The RPKI information regarding valid address holder is effectively the same as that contained in the WHOIS, so readily available evidence of resource holder is available today. Parties already use information from the RIRs from WHOIS and routing registries to do various forms of resource & route validation; resource certification simply provides a clearer, more secure & more consistent model for this information. I'm not saying that resource certification isn't important, but do not think that characterizing its need as crucial specifically due to IPv4 depletion is the complete picture.

ARIN recognizes the importance of resource certification and hence its commitment to supporting resource certification for resources in the region via Up/Down protocol. There is not a decision on a hosted RPKI offer at this time, but that is because we want to be able to discuss the benefits and risks with the community at our upcoming April meeting to make sure there is significant demand for service as well as appropriate mechanisms for safely managing the risks involved. I hope this clarifies the update message that I sent out earlier, and provides some insight into the considerations that have led ARIN's position on resource certification.
Thanks!
/John
John Curran
President and CEO
ARIN
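The mis-entered AS number in a ROA that the message above uses as its liability illustration (an organization taking itself off the air) is easy to see with a small Route Origin Validation check. The Python below is an example added here; it is not from the thread, from ARIN or from the RIPE NCC's software. The prefixes, ASNs and ROAs are constructed documentation values, and `rov_state` / `preflight` are hypothetical helper names.

```python
from ipaddress import ip_network

# Constructed sample data (not from the mailing-list thread): an operator that
# holds the documentation prefixes below and originates them from AS 64496.
INTENDED_ANNOUNCEMENTS = [
    {"prefix": "192.0.2.0/24", "origin_as": 64496},
    {"prefix": "2001:db8::/32", "origin_as": 64496},
]

# The ROAs as the operator meant to publish them (hypothetical values).
CORRECT_ROAS = [
    {"prefix": "192.0.2.0/24", "asn": 64496},
    {"prefix": "2001:db8::/32", "asn": 64496, "maxlen": 48},
]

# The same ROAs with one transposed digit in the IPv4 ROA's ASN: the
# self-inflicted outage the mail describes.
MISTYPED_ROAS = [
    {"prefix": "192.0.2.0/24", "asn": 64469},
    {"prefix": "2001:db8::/32", "asn": 64496, "maxlen": 48},
]


def rov_state(prefix, origin_as, roas):
    """Route Origin Validation outcome for one announcement (RFC 6811 semantics).

    Returns 'valid', 'invalid' or 'notfound'.
    """
    route = ip_network(prefix)
    # A ROA covers the route when it is for the same address family and the
    # announced prefix lies inside the ROA prefix.
    covering = [
        roa for roa in roas
        if ip_network(roa["prefix"]).version == route.version
        and route.subnet_of(ip_network(roa["prefix"]))
    ]
    if not covering:
        return "notfound"
    # Valid if any covering ROA names this origin AS and permits this length;
    # otherwise the route is covered but contradicted, i.e. invalid.
    for roa in covering:
        roa_net = ip_network(roa["prefix"])
        maxlen = roa.get("maxlen", roa_net.prefixlen)
        if roa["asn"] == origin_as and route.prefixlen <= maxlen:
            return "valid"
    return "invalid"


def preflight(announcements, roas):
    """Return the announcements that would be marked invalid if `roas` were published.

    Running this against the operator's own intended announcements before a
    ROA is submitted catches the mistyped-ASN case before it reaches routers.
    """
    return [
        a for a in announcements
        if rov_state(a["prefix"], a["origin_as"], roas) == "invalid"
    ]


if __name__ == "__main__":
    print("correct ROAs  ->", preflight(INTENDED_ANNOUNCEMENTS, CORRECT_ROAS))
    print("mistyped ROAs ->", preflight(INTENDED_ANNOUNCEMENTS, MISTYPED_ROAS))
```

With the correct ROAs the pre-flight list is empty; with the mistyped ASN the operator's own 192.0.2.0/24 announcement comes back invalid, which is exactly what relying parties doing ROV would drop. The check belongs on the operator's side of the interface regardless of whether the ROA is generated in a hosted system or a self-run one, since the hosted service signs whatever ASN it is given.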