Sounds reasonable to me but IANAL, nor an RIR, nor an IXP. IXPs however do seem to be the sites of some number of recent mis-originations (putting it as charitably as possible).
Let's try and make it harder for bad actors to do their mischief. Thanks, Tony On Tue, Sep 25, 2018 at 3:36 PM Job Snijders <[email protected]> wrote: > On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote: > > On Sep 25, 2018, at 1:30 PM, Job Snijders <[email protected]> wrote: > > > > > > """Using the data, we can also see that the providers that have not > > > downloaded the ARIN TAL. Either because they were not aware that > > > they needed to, or could not agree to the agreement they have with > > > it. > > > > Is it possible to ascertain how many of those who have not downloaded > > the ARIN TAL are also publishing ROA’s via RIPE’s CA? > > I'm sure we could extend the data set to figure this out. But given the > assymmetric relation between applying Origin Validation based on RPKI > data and publishing ROAs, the number will be between 0% and 100% and > over time may go up or down. So, out of curiosity, what is your > underlaying question? > > (An example: a route server operator generally doesn't originate any BGP > announcements themselves, but route servers are in an ideal position to > perform RPKI based BGP Origin Validation.) > > What I'm hoping for is that there is a way for the ARIN TAL to be > included in software distributions, without compromising ARIN's legal > position. > > Perhaps an exception for software distributors would already go a long > way? > > "You can include the ARIN TAL in your software distribution as long > as you also include an unmodified copy of the > https://www.arin.net/resources/rpki/rpa.pdf file alongside it." > > Kind regards, > > Job >
