[ppml] Staff Comments Regarding Policy Proposal 2006-3

Mark Kosters markk at verisignlabs.com
Thu Oct 5 09:39:13 EDT 2006

On Thu, Oct 05, 2006 at 09:22:20AM -0400, Sandy Murphy wrote:
> The April meeting also saw a panel presentation about a resource certificate
> PKI and route origination attestations based on that PKI.  
> The goal underlying both the panel topic and the proposal 2006-3 is to 
> produce an authenticated list of authorized prefix originations.  (The 
> resource certificate PKI could be used in other ways as well, as a means of 
> judging the validity of  requests for route origination from new customers, 
> as a resource to use when diagnosing routing difficulties, <see slides>)
> Commentary at the mike during the resource PKI and route origination
> attestation panel was predominantly positive.  The comments at the mike
> regarding policy proposal 2006-3 were not as predominately positive  :-).
> However, none of the comments about the policy proposal disagreed with the
> policy proposal's goal.
> Would the membership accept the broadened statement of proposal 2006-3?
> Such a proposal would indicate the membership's support for the goals of the 
> resource certificate PKI, and (happily) would also support the goal behind policy 
> proposal 2006-3.

I personally support the goal behind 2006-3 and see it as an intermediate
measure to improve state of routing security. The PKI effort is quite 
impressive and allows for strong security.  However, there much work 
to be done here and the end result may be complex. Having an authenticated 
list of authorized prefix originations will probably be simpler and
faster measure for ARIN to implement. Once the PKI stuff is done and
2006-3 in some form is approved, ISPs then could have three choices
  use the PKI facility
  use the route origination list
  do nothing

Thus, this all allows isps a choice of what type of validation they wish 
to perform on their networks.

What do others think?



Mark Kosters            markk at verisignlabs.com               VeriSign 

More information about the ARIN-PPML mailing list