[175566] in North American Network Operators' Group
Re: ARIN / RIR Pragmatism (WAS: Re: RADB)
daemon@ATHENA.MIT.EDU (Danny McPherson)
Thu Oct 23 17:16:14 2014
X-Original-To: nanog@nanog.org
Date: Thu, 23 Oct 2014 15:13:15 -0600
From: Danny McPherson <danny@tcb.net>
To: Sandra Murphy <sandy@tislabs.com>
In-Reply-To: <8B78FB63-844E-4135-837D-B08DD647BD1D@tislabs.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 2014-10-23 15:02, Sandra Murphy wrote:
>> IRR usage, training, tools, and better hygiene, perhaps expressly
>> validated from resource certification from either RPKI
>
> You might be interested in the draft-ietf-sidr-rpsl-sig-05.txt, which
> suggests using RPKI to protect RPSL objects.
Yep, I'm aware of that and think that's a really useful thing if RPKI
is the resource certification infrastructure we must use.
> That would help solve the trust problem in the current IRR world,
> which is that most IRRs can't tell if the object being registered is
> authorized. RIPE and, I think, APNIC being the exception, for their
> region resources. Lots of proxy registered objects aren't a good
> sign.
Agreed!
That said, if people are still having issues with IRRs and lack of
training, toolsets, and usability around them today and after deploying
RPKI they still need IRRs (and whois, and in-addr.arpa, and..) for a
whole bunch of stuff just to keep the packets flowing then the height
limit to do basic and useful things just became that much higher, and
requires a lot more care and feeding then before RPKI (even absent all
the architectural aspects of RPKI that are "interesting").
-danny
