[175615] in North American Network Operators' Group
Re: ARIN / RIR Pragmatism (WAS: Re: RADB)
daemon@ATHENA.MIT.EDU (Danny McPherson)
Sat Oct 25 11:23:53 2014
X-Original-To: nanog@nanog.org
Date: Sat, 25 Oct 2014 09:23:45 -0600
From: Danny McPherson <danny@tcb.net>
To: <nanog@nanog.org>
In-Reply-To: <721E6DA8-96F2-41C1-B626-365E519E6049@tislabs.com>
Errors-To: nanog-bounces@nanog.org
On 2014-10-25 06:57, Sandra Murphy wrote:
> Other RIR based RIRs have the same ability to protect prefixes in
> their realm of control. (See RFC 2725 RPSS)(*) (I think that APNIC
> is doing pretty much as RIPE is.)
>
> Even RIPE is not secure for prefixes outside their region. (There's
> one maintainer that anyone can use to register anything for resources
> outside the region - password publicly available, etc.)
>
> Non-RIR based IRRs do not have the ability to tie the register-er to
> authority for the resource, so they have no base on which to build
> the
> RIPE sort of security.
Those are fair points Sandy, I agree they need to be resolved.
It's just that RPKI feels like a _really heavy solution to _that
problem. That said, if that problem were solved nearly all of what I
care about with regard to routing security (and inter-domain
anti-spoofing) could be addressed.
-danny
