[arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Matthew Kaufman matthew at matthew.at
Thu Oct 4 15:12:51 EDT 2018


For me the financial price is too high *and* I didn't want to be on the
wrong side when someone decided they might be a real asset.

Now that I've whittled my holdings down to what I need for my own purposes,
it is just financial, like Brian.

ps. That's also why I haven't moved these networks to PI IPv6 space.


On Thu, Oct 4, 2018 at 12:09 PM Matthew Kaufman <matthew at matthew.at> wrote:

> Ever since the "legacy resource holders get the same services that they
> received upon ARIN’s formation" we knew it was only a matter of time before
> some new-but-now-critical service (RPKI, DNSSEC, addition of some required
> new Whois field, etc.) was denied to them. The "stick" part of the "carrot
> and stick" approach to getting people to sign a service agreement.
>
> The addresses I use are not under a service agreement, and I will continue
> to use them, (and fight for them to be fully usable no matter what new
> features become mandatory for a registrar to support against an address
> block for the operator community to route or otherwise accept that block)
> without such agreement, to communicate on the Internet.
>
> Matthew Kaufman
>
>
> On Thu, Oct 4, 2018 at 11:28 AM Paul Andersen <paul at arin.net> wrote:
>
>> Bill,
>>
>> I am personally fully committed to universal DNSSEC, and I believe  that
>> this practice deleteriously affects all ARIN members, not just legacy ones.
>> I hope that discussion on this list will indicate a clear community
>> consensus, so that the board can ensure that staff act upon that input.
>>
>> Cheers,
>>
>> Paul
>>
>>
>> > On Oct 4, 2018, at 2:00 PM, Bill Woodcock <woody at pch.net> wrote:
>> >
>> >
>> >
>> >> On Oct 4, 2018, at 9:29 AM, Michael Sinatra <
>> michael+ppml at burnttofu.net> wrote:
>> >> I have received word of an apparent change in ARIN operational
>> policy...
>> >> ...no longer accepting DNSSEC DS records for reverse DNS for those
>> resources that are not covered by RSA or LRSA.  This is a change from
>> current operational practice, and it effectively disables the *community's*
>> ability to validate reverse DNS for these holders.
>> >
>> > This is an unconscionable roll-back of a critical security feature of
>> the Internet.  This cannot be allowed to move forward.
>> >
>> >                                -Bill
>> >
>> > _______________________________________________
>> > ARIN-PPML
>> > You are receiving this message because you are subscribed to
>> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> > Unsubscribe or manage your mailing list subscription at:
>> > https://lists.arin.net/mailman/listinfo/arin-ppml
>> > Please contact info at arin.net if you experience any issues.
>>
>> _______________________________________________
>> ARIN-PPML
>> You are receiving this message because you are subscribed to
>> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-ppml
>> Please contact info at arin.net if you experience any issues.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20181004/9168df40/attachment-0001.html>


More information about the ARIN-PPML mailing list