Job, and others, We (ARIN) did receive the request in our suggestions portal late last week. We will be reviewing the submission and posting updates on the ARIN public website. A few contributors to this thread have used this vehicle to make their own submissions for new features or product enhancements, some of which have led to being developed and delivered to the ARIN community. Anyone interested in participating in the Consultations and Suggestions process can do so by proceeding to the following link (https://www.arin.net/participate/community/acsp/) to learn more about the program.
Best regards, Brad Gorman Sr Product Owner, Routing Security American Registry for Internet Numbers On 6/27/23, 10:44 AM, "ARIN-PPML on behalf of Job Snijders via ARIN-PPML" <[email protected] <mailto:[email protected]> on behalf of [email protected] <mailto:[email protected]>> wrote: Hi all, On Sun, Jun 25, 2023 at 01:06:47PM -0500, Brian Knight via ARIN-PPML wrote: > If I understand the below right, the assigner / upstream may delegate > authority (create ROAs) to originate the route, but may not delegate > management of that authority to the assignee. > > I'm saying it may be helpful to have delegation of management as well. If I, > the assigner, could perhaps issue a cryptographic delegation of management > to an assignee for specific prefixes A, B, ..., N, I no longer have to > manage the delegation of authority (the ROAs) on behalf of my customer; my > customer can just create & manage it themselves. > > Perhaps combined with that cryptographic object from the assigner, an > assignee's ROAs for those prefixes could be validated. The assigner is still > attesting to the validity of the assignment, just indirectly. The > cryptographic object I'm imagining would state that the assigner delegates > management of a set of prefixes to an assignee, establishing a chain of > trust between the two. > > Managing ROAs isn't an onerous workload for me in particular. But it may be > for others. It would also more closely match what is possible in IRR. It seems a reasonable enhancement request to ask ARIN to enable folks to delegate full RPKI authority to the receipient of SWIPed space. For some parties it would be a time-saver: "go create/maintain your ROAs yourself!", but it wouldn't be for everyone. I can also imagine that as part of the SWIP agreement the receipient may only originate from a specific ASN for a specific purpose and is not authorized to change things. I'd like to encourage ARIN to investigate possible enhancements to the delegation of RPKI management in the Hosted environment (rpki.arin.net). Kind regards, Job _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected] <mailto:[email protected]>). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml <https://lists.arin.net/mailman/listinfo/arin-ppml> Please contact [email protected] <mailto:[email protected]> if you experience any issues. _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List ([email protected]). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact [email protected] if you experience any issues.
