<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang=EN-US link="#0563C1" vlink="#954F72" style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal>On 18 November 2021, the ARIN Advisory Council (AC) accepted "ARIN-prop-304: Deprecation of the 'Autonomous System Originations' Field" as a Draft Policy.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Draft Policy ARIN-2021-8 is below and can be found at:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>https://www.arin.net/participate/policy/drafts/2021_8/</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>You are encouraged to discuss all Draft Policies on PPML. The AC will evaluate the discussion in order to assess the conformance of this draft policy with ARIN's Principles of Internet number resource policy as stated in the Policy Development Process (PDP). Specifically, these principles are:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>* Enabling Fair and Impartial Number Resource Administration</p><p class=MsoNormal>* Technically Sound</p><p class=MsoNormal>* Supported by the Community</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The PDP can be found at:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>https://www.arin.net/participate/policy/pdp/</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Draft Policies and Proposals under discussion can be found at:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>https://www.arin.net/participate/policy/drafts/</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Regards,</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Sean Hopkins</p><p class=MsoNormal>Senior Policy Analyst</p><p class=MsoNormal>American Registry for Internet Numbers (ARIN)</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Draft Policy ARIN-2021-8: Deprecation of the 'Autonomous System Originations' Field</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Problem Statement:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>In the last two decade ARIN has developed multiple services which provide mechanisms for Internet Number Resource holders to publish information about their routing intentions.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The concept of the ‘OriginAS’ field was invented in an era where RPKI did not yet exist. Additionally, back then, ARIN’s Internet Routing Registry (IRR) followed a weak authorization model compared to what’s in use nowadays. The concept of ‘OriginAS’ was an improvement compared the other mechanisms that were available at that time.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>As the community’s understanding of BGP routing security best practises matures, a movement towards cryptographically verifiable attestations rather than plain-text interfaces can be observed.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The existence of the ‘OriginAS’ (in addition to RPKI and IRR services) might confuse INR holders, who have to overcome the challenge of figuring out how to publish their routing intentions. Having too many options to choose from (some of which have tangible downsides, as described below) might be detrimental to operations.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Issues with entering data into the OriginAS field:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>The semantics of the OriginAS field are unclear: the scope of the field extends to assignment boundaries, not to ‘routing’ boundaries. It is not trival to make it clear through the OriginAS field that one half of the assignment is to be originated by AS X, and the other half of the assignment by AS Y. This leads to a situation where the user will enter both AS X and AS Y for the entire assignment. This problem does not exist in RPKI and IRR, both RPKI and IRR permit to define routing intentions to a more fine-grained and precise level.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Issues with consumption of the OriginAS field:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Consuming the ‘OriginAS’ field in a high-scale automated pipeline is challenging: the consumer needs to enter into a ‘Bulk Whois Data’ agreement with ARIN, then download a multiple-gigabytes XML file (which is only generated once a day), parse this XML, and then extract the OriginAS field. Querying objects one-by-one via the HTTPS interface does not scale well.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Issues with nonverifiability of the OriginAS field contents:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Notwithstanding that the transport to retrieve the Bulk Whois Data file from ARIN’s servers is secured using TLS, it is not possible for consumers of the data to verify whether it was the Resource Holder that entered the values in the OriginAS field, or some other entity.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Policy statement:</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Remove Section 3.5 “Autonomous System Originations” of the NRPM in its entirety.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Timetable for implementation: TBD by ARIN. ARIN should take as much time as they deemed requirement to inform the community and facilitate migrations to IRR and/or RPKI.</p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Policy Term: Permanent</p><p class=MsoNormal><o:p> </o:p></p></div></body></html>