[arin-ppml] Draft Policy 2012-3: ASN Transfers
owen at delong.com
Fri Mar 23 17:28:50 EDT 2012
On Mar 23, 2012, at 11:41 AM, David Farmer wrote:
> On 3/23/12 13:16 CDT, Gary Buhrmaster wrote:
>> On Fri, Mar 16, 2012 at 21:23, Tom Vest<tvest at eyeconomics.com> wrote:
>>> The risk would be to the value of the information that RPKI provides to (any/all) non-peers, and at least potentially to direct peers as well (as I believe Chris alluded to earlier this week). The knowledge that route (a) was originated by AS (x) is only meaningful insofar as one has some set of high-confidence beliefs/expectations about AS (x). However, if AS (x) can change hands at will, henceforth no such confidence will be possible for the overwhelming majority if not all ASes.
>> So, what I am hearing the RPKI experts say, is that ASNs (at least
>> from some point moving forward) might need to be eternally unique,
>> and that in (all?) cases of mergers, acquisitions, and/or bankrupcy transfers
>> of numbers, ARIN should issue a new ASN in exchange (with some
>> period of overlap, presumably) in order that reputation is not migrated.
>> Also, presumably, the (new) ASN should be issued by ARIN without
>> an additional needs review (it is an exchange in the best interests
>> of the (RPKI) community, not a new request).
> I think that is what was said. However, I'm not sure Owen or Tom classify themselves as RPKI experts, please correct me if I'm wrong. And, if I'm wrong, I apologize. Further, this is the first I heard of this being an issue, it's never been brought up in any of the several RKPI talks I've been to.
I don't classify myself as an RPKI expert, and I would say that Gary's concerns are additive to what Tom and I have expressed. I don't think that requiring ARIN to issue new ASNs will necessarily prevent ASN reputation hijacking, however, since you have the same revocation problem as the RPKI certificates... ASN validation would suffer from the same issues.
More information about the ARIN-PPML