[175564] in North American Network Operators' Group
Re: ARIN / RIR Pragmatism (WAS: Re: RADB)
daemon@ATHENA.MIT.EDU (Sandra Murphy)
Thu Oct 23 17:08:49 2014
X-Original-To: nanog@nanog.org
From: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <5bf5e66910c8acc4170b08e6190b5d6b@tcb.net>
Date: Thu, 23 Oct 2014 17:02:41 -0400
To: Danny McPherson <danny@tcb.net>
Cc: nanog@nanog.org, Sandra Murphy <sandy@tislabs.com>
Errors-To: nanog-bounces@nanog.org
> IRR usage, training, tools, and better hygiene, perhaps expressly validated from resource certification from either RPKI
You might be interested in the draft-ietf-sidr-rpsl-sig-05.txt, which suggests using RPKI to protect RPSL objects.
That would help solve the trust problem in the current IRR world, which is that most IRRs can't tell if the object being registered is authorized. RIPE and, I think, APNIC being the exception, for their region resources. Lots of proxy registered objects aren't a good sign.
--Sandy
On Oct 23, 2014, at 2:26 PM, Danny McPherson <danny@tcb.net> wrote:
> <soapbox>
>
> I think the routing system would be in a much happier [less bad] place if only had a minor amount of the energy and resources that USG (and RIRs) have been put towards RPKI and BGPSEC (i.e., IETF SIDR work) would have been redirected to lower hanging fruit and better recognizing / leveraging existent systems and operational practices (e.g., more IRR usage, training, tools, and better hygiene, perhaps expressly validated from resource certification from either RPKI or in-addr.arpa, etc). Given that many of the same derived "policies" there could also be employed for inter-domain datapath anti-spoofing (BCP38-ish inter-domain) and that all the existing machinery and practices already deployed could more easily accommodate this in the near term, it seems only natural to me.
>
> As for the visionaries playing the long game, they've made progress, but surely the only way to get there is with more incremental "putty" and small practical steps to fill the gaps at this point.
>
> </soapbox>
>
> I for one would like to see ARIN (as well as other RIRs and the adjacent community) invest more pragmatically in this area, particularly given the governance climate and other externalities at play these days.
>
> Alas,
>
> -danny
>