> On May 4, 2019, at 21:41 , Ronald F. Guilmette <[email protected]> wrote:
>
>
> In message
> <F04ED1585899D842B482E7ADCA581B8472A70BB6@newserver.arneill-py.local
> Michel Py <[email protected]> wrote:
>
>> And now this comes, which is going to scare the bleep out of everyone who
>> has to deal with these issues in the real world.
>
> You say that like it's a bad thing.
>
> If univeral RPKI deployment is really The Solution, as many appear to
> claim, then maybe it's time that some folks had the bleep scared out of
> them in order to make it actually happen. I mean universally.
As it currently stands, RPKI alone is little more than a cryptographically
signed
indication of what you need to prepend to your hijack announcement.
> I confess to being woefully ignorant of all this. So if Michael or anyone
> wants to enlighten me about what the hold up is, and why we don't already
> have universal RPKI deployment, I'm all ears.
This is my current understanding… I may be slightly wrong, but I think
this is the gist of the situation anyway…
1. RPKI depends on distribution of a Trust Anchor Locator (TAL).
2. Because (politics) and (ICANN), there’s no universal TAL.
3. To work around (2) each RIR has its own TAL which signs the
following:
All IPv4 prefixes longer than 0.0.0.0/0
All IPv6 prefixes longer than ::/0
4. Because (lawyers) and (US politics), the ARIN TAL is not
freely available without agreement to a license which:
(1) Prohibits redistribution without imposing the same
terms on each recipient
(2) Requires you to indemnify ARIN and hold ARIN harmless
for any damages that result from your use of the TAL.
5. Lots of people don’t like the contract and refuse to sign it.
> Personally, I am not wedded to any specific solution. I just want the
> obvious and abundant routing problem(s) solved. Any port in a storm.
I want the problem solved, too. But asking ARIN to solve it is a little bit
like asking the guy that drives the ice cream truck to stop people from
speeding in your neighborhood.
He may know who all the kids are, but he has no law enforcement powers.
Owen
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
