[arin-ppml] Draft Policy 2012-3: ASN Transfers
tvest at eyeconomics.com
Fri Mar 16 17:23:00 EDT 2012
On Mar 16, 2012, at 2:40 PM, David Farmer wrote:
> On 3/16/12 10:11 CDT, Tom Vest wrote:
>> 3. Entities that would not be unhappy to see SIDR/RPKI fail
>> absolutely and/or to succeed primarily in turning the current
>> industry pecking order into a perpetual, insurmountable reputation
>> hierarchy -- where no amount of good behavior can ever be truly
>> reassuring (if you're a new entrant), and no instance of bad behavior
>> need ever tarnish one's own reputation (if you're an incumbent
>> operator) -- would have everything they require to achieve those
> I'd be interested in more details on the risks you see ASN transfers creating for RPKI.
> Would such risks to RPKI associated with ASN transfers be any different than ARIN reassigning an ASN that was returned to it or that ARIN reclaimed?
> Are you saying that ASNs are supposed to be both globally and eternally unique?
> I'm not saying I'd be opposed to ASNs being eternally unique, but I didn't know it was a requirement, especially of RPKI.
The risk would be to the value of the information that RPKI provides to (any/all) non-peers, and at least potentially to direct peers as well (as I believe Chris alluded to earlier this week). The knowledge that route (a) was originated by AS (x) is only meaningful insofar as one has some set of high-confidence beliefs/expectations about AS (x). However, if AS (x) can change hands at will, henceforth no such confidence will be possible for the overwhelming majority if not all ASes.
It seems to me that the community has embraced an adaptation strategy involving IPv4 transfers in part because of "extremely optimistic" assumptions about the power of (some combination of) self-interest, passive administrative mechanisms, and esp. operational discovery capabilities to mitigate the inevitable consequences of market speculation -- including the escalating likelihood that some resources will change hands operationally without much (or any) public disclosure -- with RPKI playing a big role in boosting confidence about the latter. However, whatever confidence that RPKI may provide is & has always been founded on the (mostly unacknowledged) assumptions that (a) one would actually know who/what a particular AS represents (or how it is likely to behave, which has the same implications) -- and that (b) that knowledge would not/could not be invalidated without producing some operationally detectable "telltale sign." A bilaterally negotiated transfer of a routed IPv4 prefix along with its current origin-AS might not leave any such operational trace, and could go undetected for a long time.