[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Reaching out to ARIN members about their RPKI INVALID prefixes
Christopher Morrow wrote:
> Perhaps this was answered elsewhere, but: "Why is this something
> ARIN (the org) should take on?"
Thanks for this question, I believe this is an important one.
I reasoned about why I think RIRs are in a good position to send these emails here: 
but I will quote from it for convenience:
> Notifying affected IP Holders
> The natural next step (and that was our initial intention when
> looking at INVALIDs) would be to send out emails to affected IP
> holders and ask them to address the INVALIDs but although that could
> be automated, we believe the impact would be better, if that email
> came from some trusted entity like the RIR relevant to the affected
> IP holder instead of a random entity they never had any contact
> before (us).
> Asking RIRs to reach out to their members also scales better since
> every RIR would only have to take care of their own members.
> Why can't (or why isn't) this something that 'many'
> monitoring/alerting companies/orgs are offering?
There are companies offering BGP monitoring including RPKI ROAs, but
the affected IP holders are unlikely customers of those monitoring
services or generally aware of the problem.
> it's unclear, to me, why ARIN is in any better position than any
> other party to perform this sort of activity? I would expect that, at
> the base level, "I just got random/unexpected email from ARIN?" will
> get dropped in the spam-can, while: "My monitoring company to which I
> signed up/contracted emailed into my ticket-system for action..
> better go do something!" is the path to incentivize.
The problem is how do you make operators aware of the problem in the first place.
> The question I asked ARIN was specifically:
>>> Would you be open to reach out to your affected members to
>>> inform them about their affected IP prefixes?
> 'how?' (email to the tech-contact? etc? did they sign up for said
> monitoring and point to the right destination email catcher?)
Yes that is what I had in mind (notification via email to the tech contact).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature