<html><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"></head><body
style="font-family: tt; font-size: 10pt;" bgcolor="#FFFFFF"
text="#000000">
<div style="font-size: 10pt;font-family: tt;"><span style="font-family:
monospace;">greetings, arin members. as i count down my last months as
an arin trustee, i look to the future of our industry. the RIR system
(ARIN and its sisters in other regions) has confronted many challenges
during my nine years on the ARIN board, including for example the
seemingly (yet, not!) intractable problem of how to motivate wide spread
IPv6 deployment before "final IPv4 runout" forces everyone to make hard
choices or to live in triple-NAT ghettos.<br><br>yet, one of our most
ambitious and worthwhile challenges receives very little discussion.
that is: secure BGP routing, for which the RIR system has been working
for almost a decade on the enabling technology -- RPKI -- Routing Public
Key Infrastructure. briefly, this is a way to bind a crypto-authentic
key to blocks of address space, which will ultimately make it possible
for network operators to sign their routing announcements and verify the
announcements you receive.<br><br>today our colleagues at renesys
published a report on "man in the middle internet hijacking":<br><br><a
href="http://www.renesys.com/2013/11/mitm-internet-hijacking/">http://www.renesys.com/2013/11/mitm-internet-hijacking/</a>
</span><br style="font-family: monospace;"><br style="font-family:
monospace;"><span style="font-family: monospace;">the key message of
this article is this excerpt:</span><br style="font-family: monospace;"><br
style="font-family: monospace;"><blockquote style="font-family:
monospace;" type="cite"><span>... In practical terms, this means that
Man-In-the-Middle BGP route
hijacking has now moved from a theoretical concern to something that
happens fairly regularly, and the potential for traffic interception is
very real. ...</span></blockquote><br style="font-family: monospace;"><span
style="font-family: monospace;">i hope i can persuade all of you to
read the renesys article cited above, and to investigate ARIN's RPKI
project, in which the ARIN Board of Trustees has repeatedly voted to
invest the company's technology resources:</span><br style="font-family:
monospace;"><br style="font-family: monospace;"><span
style="font-family: monospace;"><a
href="https://www.arin.net/resources/rpki/index.html">https://www.arin.net/resources/rpki/index.html</a>
<br><br>i don't mean to say that you should stop worrying about IPv4
runout and IPv6 deployment, of course! what i do mean to say is, the
Internet's core routing system is not presently a safe neighborhood, and
fixing that is vital, and will require everyone's attention and effort.<br><br>thanks
for listening.<br><br>paul vixie, arin trustee, 2005-2013<br></span></div>
</body>
</html>