Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

I don't wish to beat a dead horse but the InterNIC didn't have a contract. I still have all of the paperwork I got from them them in the early 90s, and I posted it in this forum for everyone to see several years ago. They basically just asked some questions like what do u want to use the

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

The reason that this issue is so difficult is the funding model of DNS has changed over the years, and the formation of ARIN has never completely addressed that issue. In the beginning days, DNS was in fact a large shared host file, installed on every machine. In effect, the cost of adding

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

I would be happy to see ARIN follow your advice IF I could take my registrations elsewhere. However the DNS is, like it or not, a natural monopoly. ARIN has avoided regulation thus far by honoring the legacy holders assignments. I concur with Michael that enabling DNSSEC support for legacy

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Oct 6, 2018, at 12:50 PM, Lee Dilkie wrote: > On 2018-10-05 00:40, Jo Rhett wrote: >> And it’s time for all the unvalidated resource holders stop whining about >> their rights. You’ve had decades to join the party. We owe you nothing. > > other than owing us the existance of the internet

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Oct 6, 2018, at 12:49 PM, Lee Dilkie wrote: > On 2018-10-05 00:40, Jo Rhett wrote: >> ARIN has real issues to deal with, and the hundred or so resource holders >> who want to keep stealing the time and effort of everyone involved in ARIN >> for their little pity party should go away > >

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Oct 6, 2018, at 12:47 PM, Lee Dilkie wrote: > On 2018-10-05 00:40, Jo Rhett wrote: >> Refusing to authenticate resources used by holders who cannot be validated >> is a feature, not a bug. > > And validation of a resouce holder isn't the same thing as holding an RSA > contract. Let's be

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> In light of that possibility, and considering the content of this discussion > thred so far, I am suddenly and accutely aware of my own utter and abject > ignorance with respect to many, most, or all of the issues which this > discussion has touched upon. > > Recognizing, as I do, that the PPML

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Oct 5, 2018, at 2:05 PM, Ronald F. Guilmette wrote: > Would it be possible for ARIN to establish some kind of de minimis > validation/authentication fee, enough to cover its costs, but not > involving the acceptance of a complete LRSA? See my reply to Owen: this isn't about the money. It's

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 2018-10-05 00:40, Jo Rhett wrote: And it’s time for all the unvalidated resource holders stop whining about their rights. You’ve had decades to join the party. We owe you nothing. other than owing us the existance of the internet itself, it's you who

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 2018-10-05 00:40, Jo Rhett wrote: ARIN has real issues to deal with, and the hundred or so resource holders who want to keep stealing the time and effort of everyone involved in ARIN for their little pity party should go away stealing?

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 2018-10-05 00:40, Jo Rhett wrote: Refusing to authenticate resources used by holders who cannot be validated is a feature, not a bug. And validation of a resouce holder isn't the same thing as holding an RSA

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Oct 5, 2018, at 5:17 AM, Bill Woodcock wrote: > On Oct 4, 2018, at 21:44, Jo Rhett wrote: >> Bill, stop playing this nonsense. I referred to and respect your history, >> your attempt to play innocent is contemptible. > > This exchange was, at first, mildly amusing. I thought that you were,

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> Just so I can get a prospective of how much money was lost for ARIN during > this discussion It doesn't matter how much money is lost. I never raised this point. > I also note that at the time this holder received his resources, ARIN did not > exist, nor was there any charge to receive

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

>> ARIN has real issues to deal with, and the hundred or so resource holders >> who want to keep stealing the time and effort of everyone involved in ARIN >> for their little pity party should go away. On Oct 5, 2018, at 1:35 AM, John Santos wrote: > With all due respect, you don't know what

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 9:14 PM, Ronald F. Guilmette wrote: > > Recognizing, as I do, that the PPML is not the best place for me to be > seeking to cure my ignorance, I hope nontheless that no one here will > begrudge me too much if I ask just a couple of additional naive (stupid?) > but arguably

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

In message , John Curran wrote: >On 5 Oct 2018, at 2:05 PM, Ronald F. Guilmette >wrote: >> >> Would it be possible for ARIN to establish some kind of de minimis >> validation/authentication fee, enough to cover its costs, but not >> involving the acceptance of a complete LRSA? > >This is

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 10:58 AM, hostmas...@uneedus.com wrote: > > Forty-one percent is NOT a low number, which is likely why ARIN is trying > hard to get more entities to sign an LRSA/RSAA. So much for thinking this > issue will go away sometime in my lifetime. Albert - ARIN isn’t particularly

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Fri, Oct 5, 2018 at 7:49 PM John Curran wrote: > On 5 Oct 2018, at 11:03 AM, Michael Sinatra > wrote: > > ... > > That said, I am interested in hearing from David F. or John C. as to > what kinds of background research is initiated when a (L)RSA is initiated. > (Sorry, I arrived at

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 2:05 PM, Ronald F. Guilmette wrote: > > Would it be possible for ARIN to establish some kind of de minimis > validation/authentication fee, enough to cover its costs, but not > involving the acceptance of a complete LRSA? > > (As I said, I have no dog in this fight. I'm just

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Fri, Oct 5, 2018 at 4:05 PM Ronald F. Guilmette wrote: > > In message <03730720-29e1-4cde-8ec6-737863d85...@netconsonance.com>, > Jo Rhett wrote: > > >Refusing to authenticate resources used by holders who cannot be > >validated is a feature, not a bug. > > > >My fees (and everyone elses)

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 11:03 AM, Michael Sinatra wrote: > ... > That said, I am interested in hearing from David F. or John C. as to what > kinds of background research is initiated when a (L)RSA is initiated. > (Sorry, I arrived at $current_employer only as the execution of the contracts > was

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

In message <03730720-29e1-4cde-8ec6-737863d85...@netconsonance.com>, Jo Rhett wrote: >Refusing to authenticate resources used by holders who cannot be >validated is a feature, not a bug. > >My fees (and everyone elses) pay ARIN to validate and certify the >resource holders. I have no dog in

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 10/4/18 11:08 PM, Mark Andrews wrote: This is a complicated problem. DNSsec is about identity and is not merely a technical protocol. It requires that trust is built and maintained between the entities in the DNS tree, this trust is structured heretically so that everyone doesn't have to

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Forty-one percent is NOT a low number, which is likely why ARIN is trying hard to get more entities to sign an LRSA/RSAA. So much for thinking this issue will go away sometime in my lifetime. However, I suspect most of the /24's reflected in the chart are actually part of those /8's that we

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 8:22 AM, Steven Ryerse mailto:srye...@eclipse-networks.com>> wrote: It does give us a better view and understanding of the Legacy issue which comes up here from time to time. John the link to the Members is helpful but it doesn't answer my question if there are any /8 who

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

@arin.net Subject: Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders The member list does not help, as I understand that many legacy holders have other resources that are not legacy such as IPv6 holdings and thus are members as well. Of course if they are a member, it it hard

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

The member list does not help, as I understand that many legacy holders have other resources that are not legacy such as IPv6 holdings and thus are members as well. Of course if they are a member, it it hard to complain about them having legacy resources, when they are otherwise a member.

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 7:24 AM, Steven Ryerse mailto:srye...@eclipse-networks.com>> wrote: So then without telling us who, are there any /8 holders that have not signed an LSRA/RSA? What about the government /8 block holders? Steven - Government agencies are often ARIN members, and thus show up

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Networks, Inc.     Conquering Complex Networks℠ -Original Message- From: John Curran Sent: Friday, October 5, 2018 10:21 AM To: Steven Ryerse Cc: hostmas...@uneedus.com; arin-ppml@arin.net Subject: Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders On 5 Oct

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 7:00 AM, Steven Ryerse wrote: > > It would be interesting to know how many of each size legacy holders that > haven't signed are still out there. What about the big holders like AT and > others that have /8's and other large sized blocks? Have they all signed an >

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

- Office 770.392.0076 - Fax ℠ Eclipse Networks, Inc.     Conquering Complex Networks℠ -Original Message- From: ARIN-PPML On Behalf Of hostmas...@uneedus.com Sent: Friday, October 5, 2018 8:30 AM To: arin-ppml@arin.net Subject: Re: [arin-ppml] ARIN discontinuing DNSSEC

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 5 Oct 2018, at 4:35 AM, hostmas...@uneedus.com wrote: Just so I can get a prospective of how much money was lost for ARIN during this discussion, can someone please tell me what the current minimum cost under the current RSA for someone to hold 2 /24's?

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

He did not mention an AS number. Being a small player, he might like myself get away with using one of the AS's in the private network range, or might just be single homed, in which case he does not need it. As to spinning off the Legacy holders to another registry, I do not think this is

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Oct 4, 2018, at 21:44, Jo Rhett wrote: > Bill, stop playing this nonsense. I referred to and respect your history, > your attempt to play innocent is contemptible. Mr. Rhett: This exchange was, at first, mildly amusing. I thought that you were, perhaps, just in a foul mood, and that a

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Fri, Oct 5, 2018 at 12:13 AM Jo Rhett wrote: > What’s happening here is that you desire to not only continue to freeload when > ARIN has spent decades trying to get you to play nice with others, but you > want ARIN to create brand new services and then give those to you for free. Every time

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Fri, Oct 5, 2018 at 7:35 AM wrote: > Just so I can get a prospective of how much money was lost for ARIN during > this discussion, can someone please tell me what the current minimum cost > under the current RSA for someone to hold 2 /24's? Five hundred a year > seems to be the stated price,

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Just so I can get a prospective of how much money was lost for ARIN during this discussion, can someone please tell me what the current minimum cost under the current RSA for someone to hold 2 /24's? Five hundred a year seems to be the stated price, but I am unable to calculate it based on

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

With all due respect, you don't know what you are talking about. You are attributing motives to me and other legacy holders, that are completely false and possibly libelous. And I think there are way more of us than you imagine. Received my class C from the InterNIC in 1993. Don't need any

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> On 5 Oct 2018, at 3:52 pm, David Farmer wrote: > > > On Thu, Oct 4, 2018 based on the > at 1:15 PM Bill Woodcock wrote: > > On Oct 4, 2018, at 11:10 AM, John Curran wrote: > > ARIN had been inconsistent in our approach to ... DNSSEC services over the > > years. > > There is no room for

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On Thu, Oct 4, 2018 based on the at 1:15 PM Bill Woodcock wrote: > > On Oct 4, 2018, at 11:10 AM, John Curran wrote: > > ARIN had been inconsistent in our approach to ... DNSSEC services over > the years. > > There is no room for inconsistency in the application of security. > > You’re entirely

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

I’d like to ask the participants in this conversation to be excellent to each other. Ad-hominem arguments don’t fundamentally contribute, or further the discussion. ___ ARIN-PPML You are receiving this message because you are subscribed to the ARIN

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Bill, stop playing this nonsense. I referred to and respect your history, your attempt to play innocent is contemptible. I’ve never once advocated for anyone to be cut off. I have advocated that those who refuse to follow the rules agreed upon decades ago without a justifiable reason should be

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> The change is that ARIN is (or will soon be) no longer accepting DNSSEC DS > records for reverse DNS for those resources that are not covered by RSA or > LRSA. This is a change from current operational practice, and it effectively > disables the *community's* ability to validate reverse DNS

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> On Oct 4, 2018, at 9:27 PM, Jo Rhett wrote: > >> How exactly am I freeloading, how am I not playing “nicely with others” or >> “by the rules,” > > I’ve been watching you fight to ride free Cite an example, please. > If you won’t play the rules, there is no requirement that service is

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> How exactly am I freeloading, how am I not playing “nicely with others” or > “by the rules,” Google yourself. I’ve been watching you fight to ride free because you got addresses (like most of us on this back) back from Jon directly when this was easy. The difference is that 25 years ago a

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> On Oct 4, 2018, at 9:13 PM, Jo Rhett wrote: > >> You’re entirely missing Michael’s point. DNSSEC is not a _treat_ that you >> dangle in front of universities, it’s an operational requirement for _the >> whole Internet_, of which your paying members are constituents. You’re >> denying

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> I agree that we clearly need universal DNSSEC, and ARIN should not take > actions that inhibit universal DNSSEC. “Universal” DNSSEC where some parties are unauthenticated is worse than useless. Validation and certification of the resource holder is critical. These two dozen entities are

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> You’re entirely missing Michael’s point. DNSSEC is not a _treat_ that you > dangle in front of universities, it’s an operational requirement for _the > whole Internet_, of which your paying members are constituents. You’re > denying _me_ the ability to use DNSSEC to validate addresses any

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

For me the financial price is too high *and* I didn't want to be on the wrong side when someone decided they might be a real asset. Now that I've whittled my holdings down to what I need for my own purposes, it is just financial, like Brian. ps. That's also why I haven't moved these networks to

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Ever since the "legacy resource holders get the same services that they received upon ARIN’s formation" we knew it was only a matter of time before some new-but-now-critical service (RPKI, DNSSEC, addition of some required new Whois field, etc.) was denied to them. The "stick" part of the "carrot

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

I am a legacy holder of two /24s. I use them. I have not signed the agreement. The issue for me is 100% financial. The price is too high. ___ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

I agree that we clearly need universal DNSSEC, and ARIN should not take actions that inhibit universal DNSSEC. I understand that ARIN has taken actions to try to get the remaining legacy holders to move to an RSA. While this might be seen as a "carrot" to try to move these holders to an RSA,

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Bill, I am personally fully committed to universal DNSSEC, and I believe that this practice deleteriously affects all ARIN members, not just legacy ones. I hope that discussion on this list will indicate a clear community consensus, so that the board can ensure that staff act upon that input.

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> On Oct 4, 2018, at 11:10 AM, John Curran wrote: > ARIN had been inconsistent in our approach to ... DNSSEC services over the > years. There is no room for inconsistency in the application of security. You’re entirely missing Michael’s point. DNSSEC is not a _treat_ that you dangle in

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

On 4 Oct 2018, at 9:29 AM, Michael Sinatra mailto:michael+p...@burnttofu.net>> wrote: The change is that ARIN is (or will soon be) no longer accepting DNSSEC DS records for reverse DNS for those resources that are not covered by RSA or LRSA. This is a change from current operational practice,

Re: [arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

> On Oct 4, 2018, at 9:29 AM, Michael Sinatra > wrote: > I have received word of an apparent change in ARIN operational policy... > ...no longer accepting DNSSEC DS records for reverse DNS for those resources > that are not covered by RSA or LRSA. This is a change from current > operational

[arin-ppml] ARIN discontinuing DNSSEC capability to legacy holders

Hi, All of my $employer's number resources are covered by RSA or LRSA, but I have received word of an apparent change in ARIN operational policy from holders of legacy resources who are not 100% covered by RSA or LRSA. The change is that ARIN is (or will soon be) no longer accepting DNSSEC