[ppml] Staff Comments Regarding Policy Proposal 2006-3
On Thu, Oct 05, 2006 at 09:22:20AM -0400, Sandy Murphy wrote:
> The April meeting also saw a panel presentation about a resource certificate
> PKI and route origination attestations based on that PKI.
> The goal underlying both the panel topic and the proposal 2006-3 is to
> produce an authenticated list of authorized prefix originations. (The
> resource certificate PKI could be used in other ways as well, as a means of
> judging the validity of requests for route origination from new customers,
> as a resource to use when diagnosing routing difficulties, <see slides>)
> Commentary at the mike during the resource PKI and route origination
> attestation panel was predominantly positive. The comments at the mike
> regarding policy proposal 2006-3 were not as predominately positive :-).
> However, none of the comments about the policy proposal disagreed with the
> policy proposal's goal.
> Would the membership accept the broadened statement of proposal 2006-3?
> Such a proposal would indicate the membership's support for the goals of the
> resource certificate PKI, and (happily) would also support the goal behind policy
> proposal 2006-3.
I personally support the goal behind 2006-3 and see it as an intermediate
measure to improve state of routing security. The PKI effort is quite
impressive and allows for strong security. However, there much work
to be done here and the end result may be complex. Having an authenticated
list of authorized prefix originations will probably be simpler and
faster measure for ARIN to implement. Once the PKI stuff is done and
2006-3 in some form is approved, ISPs then could have three choices
use the PKI facility
use the route origination list
Thus, this all allows isps a choice of what type of validation they wish
to perform on their networks.
What do others think?
Mark Kosters markk at verisignlabs.com VeriSign