[arin-ppml] RPKI for Reallocations

Sylvain BAYA abscoco at gmail.com
Fri Jun 23 14:57:25 EDT 2023


Hope this email finds you in good health!

Please see my comment below, inline...


Le 23/06/2023 à 18:03, August Yang via ARIN-PPML a écrit :
> Current hosted RPKI implementations across all RIRs follow a 
> hierarchical structure, where access to manage ROAs terminates at the 
> party directly allocated corresponding resources. IPv6 reverse DNS is 
> another example. If you've received a small IPv6 subnet through 
> reallocation, you may face similar restrictions in managing name 
> servers through ARIN Online, necessitating contact with the LIR/ISP 
> responsible.
> To address the limitation, one solution is to implement a delegated 
> RPKI setup at LIR/ISP level. This allows the chain of trust to be 
> extended to end users, granting more control over the specific IP 
> resources reallocated. See 
> https://www.arin.net/resources/manage/rpki/delegated/
> It's worth noting that this issue primarily stems from technical 
> constraints of the hosted RPKI implementation, rather than being a 
> direct policy matter related to NRPM. There's an opportunity for ARIN 
> to consider adapting its hosted setup to align with the allocation 
> structure in whois database. This integration could facilitate better 
> RPKI adoption.

Hi August,

Thanks for your clear explanation, brother!

...i think the right place to propose your fix is here [*].

[*]: Consultations & Suggestions - American Registry for Internet Numbers

Hope this helps!



> On 2023-06-23 12:20 p.m., Richard Laager wrote:
>> It is my understanding that the downstream Org cannot create RPKI 
>> ROAs for Reallocated IP Networks. For example, is 
>> reallocated to me (OrgID WIKSTR-1), but I cannot make a ROA for it.
>> This is obviously suboptimal for adopting RPKI.
>> Is this something that we could fix with Policy development, or do I 
>> need to bark up some other tree?
>> -- 
>> Richard
>> [...]
Best Regards !

baya.sylvain [AT cmNOG DOT cm]
|cmNOG's Structure <https://www.cmnog.cm/dokuwiki/Structure>|cmNOG's 
Surveys <https://survey2.cmnog.cm/>|Subscribe to cmNOG's Mailing List 
#‎LASAINTEBIBLE‬|‪#‎Romains15‬:33«*Que LE ‪#‎DIEU‬ de ‪#‎Paix‬ soit avec 
vous tous! ‪#‎Amen‬!*» #‎MaPrière‬ est que tu naisses de 
«*Comme une biche soupire après des courants d’eau, ainsi mon âme 
soupire après TOI, ô DIEU!*» (#Psaumes42:2)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20230623/a41036f4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x0387408365AC8594.asc
Type: application/pgp-keys
Size: 6596 bytes
Desc: OpenPGP public key
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20230623/a41036f4/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20230623/a41036f4/attachment.sig>

More information about the ARIN-PPML mailing list