[ARIN-consult] Consultation on Reallocation Control Features

Ido Rosen irosen at gmail.com
Tue Oct 15 15:34:31 EDT 2024


> On Oct 15, 2024, at 11:29, William Herrin <bill at herrin.us> wrote:
> On Tue, Oct 15, 2024 at 10:48 AM Chris Woodfield <chris at semihuman.com> wrote:
>> 
>> another approach to this could be that an org can choose to require that they affirmatively accept any attempted reallocation request to their Org ID
> 
> I like this approach much better than the whole screwy "domain lock"
> thing they do with the DNS.

If an org were required to register a public key with ARIN in order to be eligible for transfers, reallocations, and these other “advanced” features, then ARIN could solve this authentication and authorization problem systematically and automatically using asymmetric cryptography. This is already the case for hosted RPKI somewhat.

Whatever mechanism is created or used here, it coexists in the same security narrative as RPKI, and should be audited. I encourage ARIN to also coordinate with other RIRs to build a standard for secure ownership attestation / authZ for org records (and other data records), even if it is out of scope for this particular consultation.



