[arin-ppml] RPKI for Reallocations

Fri Jun 23 14:57:25 EDT 2023

Dear ARIN-PPML,

Hope this email finds you in good health!

Please see my comment below, inline...

Thanks.

Le 23/06/2023 à 18:03, August Yang via ARIN-PPML a écrit :
> Current hosted RPKI implementations across all RIRs follow a 
> hierarchical structure, where access to manage ROAs terminates at the 
> party directly allocated corresponding resources. IPv6 reverse DNS is 
> another example. If you've received a small IPv6 subnet through 
> reallocation, you may face similar restrictions in managing name 
> servers through ARIN Online, necessitating contact with the LIR/ISP 
> responsible.
>
> To address the limitation, one solution is to implement a delegated 
> RPKI setup at LIR/ISP level. This allows the chain of trust to be 
> extended to end users, granting more control over the specific IP 
> resources reallocated. See 
> https://www.arin.net/resources/manage/rpki/delegated/
>
> It's worth noting that this issue primarily stems from technical 
> constraints of the hosted RPKI implementation, rather than being a 
> direct policy matter related to NRPM. There's an opportunity for ARIN 
> to consider adapting its hosted setup to align with the allocation 
> structure in whois database. This integration could facilitate better 
> RPKI adoption.
>

Hi August,

Thanks for your clear explanation, brother!

...i think the right place to propose your fix is here [*].

__
[*]: Consultations & Suggestions - American Registry for Internet Numbers
<https://www.arin.net/participate/community/acsp/>

Hope this helps!

Shalom,

--sb.

>
>
> On 2023-06-23 12:20 p.m., Richard Laager wrote:
>> It is my understanding that the downstream Org cannot create RPKI 
>> ROAs for Reallocated IP Networks. For example, 206.9.80.0/24 is 
>> reallocated to me (OrgID WIKSTR-1), but I cannot make a ROA for it.
>>
>> This is obviously suboptimal for adopting RPKI.
>>
>> Is this something that we could fix with Policy development, or do I 
>> need to bark up some other tree?
>>
>> -- 
>> Richard
>> [...]
-- 
Best Regards !

baya.sylvain [AT cmNOG DOT cm]
|cmNOG's Structure <https://www.cmnog.cm/dokuwiki/Structure>|cmNOG's 
Surveys <https://survey2.cmnog.cm/>|Subscribe to cmNOG's Mailing List 
<https://lists.cmnog.cm/mailman/listinfo/cmnog>|
__
#‎LASAINTEBIBLE‬|‪#‎Romains15‬:33«*Que LE ‪#‎DIEU‬ de ‪#‎Paix‬ soit avec 
vous tous! ‪#‎Amen‬!*» #‎MaPrière‬ est que tu naisses de 
nouveau.#Chrétiennement‬
«*Comme une biche soupire après des courants d’eau, ainsi mon âme 
soupire après TOI, ô DIEU!*» (#Psaumes42:2)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20230623/a41036f4/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x0387408365AC8594.asc
Type: application/pgp-keys
Size: 6596 bytes
Desc: OpenPGP public key
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20230623/a41036f4/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.arin.net/pipermail/arin-ppml/attachments/20230623/a41036f4/attachment.sig>