Christopher Morrow wrote: > Perhaps this was answered elsewhere, but: "Why is this something > ARIN (the org) should take on?"
Thanks for this question, I believe this is an important one. I reasoned about why I think RIRs are in a good position to send these emails here: [1] but I will quote from it for convenience: > Notifying affected IP Holders > > The natural next step (and that was our initial intention when > looking at INVALIDs) would be to send out emails to affected IP > holders and ask them to address the INVALIDs but although that could > be automated, we believe the impact would be better, if that email > came from some trusted entity like the RIR relevant to the affected > IP holder instead of a random entity they never had any contact > before (us). > > Asking RIRs to reach out to their members also scales better since > every RIR would only have to take care of their own members. [...] [1] https://medium.com/@nusenu/towards-cleaning-up-rpki-invalids-d69b03ab8a8c > Why can't (or why isn't) this something that 'many' > monitoring/alerting companies/orgs are offering? There are companies offering BGP monitoring including RPKI ROAs, but the affected IP holders are unlikely customers of those monitoring services or generally aware of the problem. > it's unclear, to me, why ARIN is in any better position than any > other party to perform this sort of activity? I would expect that, at > the base level, "I just got random/unexpected email from ARIN?" will > get dropped in the spam-can, while: "My monitoring company to which I > signed up/contracted emailed into my ticket-system for action.. > better go do something!" is the path to incentivize. The problem is how do you make operators aware of the problem in the first place. > The question I asked ARIN was specifically: >>> Would you be open to reach out to your affected members to >>> inform them about their affected IP prefixes? >> >> > 'how?' (email to the tech-contact? etc? did they sign up for said > monitoring and point to the right destination email catcher?) Yes that is what I had in mind (notification via email to the tech contact). kind regards, nusenu -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu
signature.asc
Description: OpenPGP digital signature
