Yes, Reverse DNS is appropriate for these Identifiers. That is not
normally an RIR issue, as I understand it.
Assuming that hte working group does indeed move to LISP DDT, as it has
indicated, there is no intention to use RPKI within this space.
The question of how proxy advertisements, which go into the normal
system, will interact with RPKI, and SIDR in general, is indeed an
important and complicated question which needs further investigation.
The correct answer to securing conventional advertisements by proxies is
not obvious to me.
The current proposals on the table would allow a large number of
different players to originate proxy advertisements for large blocks of
EIDs. that's fine if the question is "are you willing to deliver the
traffic for these?" It is rather harder if the question is "Are you
authorized to deliver traffic for these?" as there is not yet an
authorization model for proxies.
Which brings us back to the point that if we need to resolve these sorts
of questions before doing the allocation then we are not going to do the
allocation quickly.
Yours,
Joel
On 1/12/2013 9:07 AM, Sander Steffann wrote:
Hi,
I would note in passing that
A) There is no particular reason that EID registration / allocation needs to be
done by the RIRs
A') There is no reason to prohibit the RIRs from providing this function, in
competition with others, if they are interested
B) There is no particular indication that the RIRs are interested in running
such a function, and I would hate to see us mandate that they help with an
experiment unless they are interested in it.
I think it would be appropriate to ask the Address Policy working groups of the
different RIRs. I think it's a good idea to approach the chairs of those
working groups once there is a bit more clarity on the way the addresses are
supposed to be used.
PS: There is more to it than just handing out the addresses: reverse DNS and
RPKI might be appropriate for this address space. The RIRs do have the
infrastructure in place to support them. There are other ways to delegate
reverse DNS, and maybe we choose not to support RPKI for this address space,
but we should keep those things in mind...
Cheers,
Sander
_______________________________________________
lisp mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/lisp
