[ARIN-consult] Consultation on ARIN IRR Roadmap
Theo de Raadt
deraadt at openbsd.org
Fri Apr 27 14:36:38 EDT 2018
William Herrin <bill at herrin.us> wrote:
> On Wed, Apr 25, 2018 at 9:08 AM, Ruediger Volk <rv at nic.dtag.de> wrote:
> > In a February thread between John Curran and Jay Borkenhagen there also was
> > mentioning of ongoing - but unannounced and so far undocumented - enhancements
> > to ARIN's RPKI.
> Hi Ruediger,
> Thanks for looking into this. Two questions:
> 1. What's the current status of ARIN RPKI with respect to relying
> parties and contracts? Are relying parties still obligated to accept a
> contract of adhesion in order to gain access to ARIN's RPKI data?

You probably recognize me as responsible for OpenBSD, which contains
both dns and bgp software (OpenBGPD).

On the dns front, the PKI authority model is largely resolved. OpenBSD
ships with the DNS Root Zone Trust Anchor: lowering the barrier to set
up secure systems helps increase security.

But on the bgp front it is a mess. Clearly the RP agreement prevents
OpenBGPD from shipping the public keys. It is unlikely that users
(especially those abroad) will go to ARIN to evaluate an agreement to
download keys to put onto their routers or validators. Other router
vendors will be in the same situation.

I hope for a solution that works for all bgp software including
OpenBGPD, Junos, BIRD.