Dear colleagues, > On 31 Oct 2019, at 15:28, Petrit Hasani <[email protected]> wrote: > > Dear colleagues, > > A new RIPE Policy proposal, 2019-08, "RPKI ROAs for Unallocated and > Unassigned RIPE NCC Address Space" > is now available for discussion.
On the surface this proposal has merit, but I have the impression that implementing AS0 ROAs for all unallocated and unassigned address space has the potential to be operationally problematic, given incoming and outgoing resource transfers, mergers and closures of organisations, etc., while at the same time may have limited value. If the policy is adopted, this is what the RIPE NCC RPKI team will spend the coming months on implementing. However, there are in my opinion more pressing matters to address. Nathalie Trenaman outlined several of them in her RIPE 79 presentation: https://ripe79.ripe.net/archives/video/258/ I can think of some others too, such as the ability for any organisation to (programatically) bring the RPKI system to its knees by creating huge amounts of /48 ROAs for an IPv6 block. I also think it would be more valuable for the RIPE NCC and the other RIRs to have a process in case a Trust Anchor needs to perform a planned or unplanned key roll. In short, I’d like the current RPKI system to be more robust before introducing a new puzzle piece. This is why I don’t support the proposal at this time. Kind regards, Alex Band NLnet Labs
