[arin-ppml] ULA-C and RPKI

William Herrin bill at herrin.us
Mon Apr 12 21:08:28 EDT 2010 

On Mon, Apr 12, 2010 at 8:46 PM, Michael Richardson <mcr at sandelman.ca> wrote:
>>>>>> "David" == David Farmer <farmer at umn.edu> writes:
>    David> I don't want to derail things with a discussion of RPKI for
>    David> ULA-C, there are many different ways to deal with it I'm not
>    David> sure what the right answers are. But just like I think those
>    David> that want Authoritative Reverse DNS for ULA-C should be able
>    David> to get it, if someone wants an RPKI certificate from ARIN for
>    David> their ULA-C assignment, why not?  And it is yet another
>    David> reason to have the RIR's do ULA-C assignment.  ULA-C is just
>    David> more of the same of what the RIRs do now.
>
> Why not?  Well because a full-validity, primary AA binding of ULA-C to
> an ASN makes no operational sense.
>
> If we agree that the only routing of ULA-C is private small-i internets
> (COINs), then those organizations that want to do this need to run their
> own RPKI AA's. (AA = Authorization Authority)

Last I read anything about it, there wasn't enough information about
RPKI's final form to make a determination whether or not ULA could be
usefully signed.

At least one form I read is nothing more than an expression from the
space's registrant that, "this is the scope of what I announce;
anything else is false." ARIN is expected to sign any record the
legitimate registrant places before it, even if it claims
disaggregation down to /128. There's no reason ULA in this scenario
couldn't be signed by ARIN.

On the other hand, you could also use signing / refusing to sign
records as a disaggregation and entry control to try to suppress route
count in the Internet's routing tables. With justification criteria
for the record you want signed just like there was justification
criteria for getting the GUA space in the first place. Signing ULA
records in that scenario would obviously be problematic...


Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

More information about the ARIN-PPML mailing list