[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Reaching out to ARIN members about their RPKI INVALID prefixes

Christopher Morrow wrote:
> This seems bad, at first blush, but you will not always be here to offer
> these recalcitrant folk a pointer to how to fix themselves

that is correct but I don't expect that (to be around forever) to be necessary, once the amount of
invalids are low, big operators could deploy ROV, and once that is the case
operators will get an immediate effect should they create incorrect ROAs,
which will cause a learning effect. 
At that point the amount of misconfigured ROAs would automatically remain low
because ROV somewhat forces proper ROAs.

>> it is about whether it is acceptable that RIRs (and more specifically ARIN
>> in this mailing list's context)
>> notify affected parties of their prefixes that suffer from stale ROAs.
> This I still think is a bad plan.. mostly because I don't think it'll help
> :(

If such an attempt to make people aware about their broken ROAs has no effect at all but I did no harm, 
than I'm fine with it because we at least tried.
I'm not sure I can follow the "lets not send these 31 emails because it is such a big effort and they will just
end up in the spam folder with no effect." line of reasoning.
Do you think we would be doing more harm than good by sending out these 31 emails?

> I think what helps is: "Oh, I cant get to <foo> and <bar> and <most of the
> internet>" .... I think folk that CARE will do the right thing, folk that
> 'think they care' won't and will soon get disconnected from the tubez.
> I apologize a tad if my view that: "breaking people will force them to fix
> themselves" is .... rough :(

I believe it would be more polite to tell them first before you force anything on
them by enabling ROV, but your way of doing it would certainly be more efficient ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180919/3d511be0/attachment.sig>