[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ARIN RPKI TAL deployment issues

Sounds reasonable to me but IANAL, nor an RIR, nor an IXP.

IXPs however do seem to be the sites of some number of recent
mis-originations (putting it as charitably as possible).

Let's try and make it harder for bad actors to do their mischief.


On Tue, Sep 25, 2018 at 3:36 PM Job Snijders <job at ntt.net> wrote:

> On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
> > On Sep 25, 2018, at 1:30 PM, Job Snijders <job at ntt.net> wrote:
> > >
> > >    """Using the data, we can also see that the providers that have not
> > >    downloaded the ARIN TAL. Either because they were not aware that
> > >    they needed to, or could not agree to the agreement they have with
> > >    it.
> >
> > Is it possible to ascertain how many of those who have not downloaded
> > the ARIN TAL are also publishing ROAâ??s via RIPEâ??s CA?
> I'm sure we could extend the data set to figure this out. But given the
> assymmetric relation between applying Origin Validation based on RPKI
> data and publishing ROAs, the number will be between 0% and 100% and
> over time may go up or down. So, out of curiosity, what is your
> underlaying question?
> (An example: a route server operator generally doesn't originate any BGP
> announcements themselves, but route servers are in an ideal position to
> perform RPKI based BGP Origin Validation.)
> What I'm hoping for is that there is a way for the ARIN TAL to be
> included in software distributions, without compromising ARIN's legal
> position.
> Perhaps an exception for software distributors would already go a long
> way?
>     "You can include the ARIN TAL in your software distribution as long
>     as you also include an unmodified copy of the
>     https://www.arin.net/resources/rpki/rpa.pdf file alongside it."
> Kind regards,
> Job
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180925/abde15ec/attachment.html>