[ppml] Routing Registries / RPKI (Was: Policy Proposal: Authentication of Legacy Resources)

Jeroen Massar jeroen at unfix.org
Tue Jul 10 14:51:07 EDT 2007


Owen DeLong wrote:
> [..] Making the block visible to ISPs as in
> a questionable status means that when someone asks a responsible ISP
> to route the block, the ISP will be able to encourage them to contact  
> ARIN and update their data.

Agreeing with Owens post, but having to comment on this portion which is
a bit on a different subject, thus here goes.

It seems that for these and quite a number of other purposes that the
RIR communities and thus effectively ISP's are trying to avoid having
superfluous routes in the routing tables. Currently this is being
partially enforced by allocation policies: difference between PI and PA,
minimum PI block sizes, and the current proposals for ULA space.

The thing what would actually address all these concerns is a PKI which
authenticates the routing information, at least when the certificate
contains a "no-sub-prefixes" flag or similar. There are and have been
efforts underway for this, I think that the communities should be trying
to help those efforts out and support them where possible.

At the point in time that RIR's will introduce these mechanisms and they
become widely deployed (would only need a couple of global transit
providers to do so) all these issues of "who owns which address space"
are out of the picture.

Of course, currently something in the 'authenticating routes' area can
already be done: Routing Registries. These are quite well used, from
what I see, already in the RIPE region. Maybe a small push in that area
for wider acceptance might be a good thing and help already take care of
these things. This also has the same 'you don't have a route[6] object
in the rr, please fix it up' kind of case as the above proposal where
the whois information would be either made unavailable or otherwise
clearly noted that the information is incorrect.

Greets,
 Jeroen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20070710/eb8964a7/attachment.sig>


More information about the ARIN-PPML mailing list