[arin-discuss] Important Update Regarding Resource Certification

Christopher Morrow morrowc.lists at gmail.com
Thu Jan 6 14:00:11 EST 2011


On Thu, Jan 6, 2011 at 11:08 AM, John Curran <jcurran at arin.net> wrote:
> On Jan 6, 2011, at 9:32 AM, George, Wes E [NTK] wrote:
>
>> There have been some threads about this on NANOG in the last few days. Can
>> we get a bit clearer explanation of what the specific security concerns are
>> and why they are delaying things? It may also make sense for someone from
>> ARIN to post to NANOG with an explanation as well. If there are security
>> concerns, it is something that the community should be aware of in case
>> other RIRs or the SIDR WG need to be considering those issues as well.
>>
>> Thanks,
>> Wes George
>
> George -
>
>   The security concerns are not specificly related to the RPKI
>   protocol, but inherent implications of any service that might
>   be heavily relied upon for real-time network operations, i.e.
>   I don't think it's a SIDR WG matter, but simply part of the
>   due diligence associated with the service as noted below.

<snip>

>   To the extent that ARIN offering resource certification services
>   is important to your plans, it would good to express such needs

For the arin-discuss readers not also reading nanog:
(original discussion which spawned discussion of RPKI)
<http://mailman.nanog.org/pipermail/nanog/2011-January/030015.html>
  relevant message:
<http://mailman.nanog.org/pipermail/nanog/2011-January/030042.html>

The spawned message thread:
<http://mailman.nanog.org/pipermail/nanog/2011-January/030065.html>

as a vote for 'please make the RPKI a reality' count me as one on the
plus side. I'd like to see a strong/clear/maintained connection
between number resources (ASNs and netblocks), I'd like it if that
were in some  way cryptographically strong and if I could have
automated processes easily deal with the data set.

I'd also like it if the system would be able to grow into use with the
coming SIDR-wg bgp protocol changes... which are wrapped tightly
around the RPKI concept.

-Chris



More information about the ARIN-discuss mailing list