zombie-thread!
On Thu, Dec 4, 2014 at 12:39 PM, John Curran jcur...@arin.net wrote:
t (i.e. exactly the opposite of your “my routing decisions are affected
and breakage happens” statement in your prior email.)
the discussion in the thread was interesting, sometimes a bit more
personal than was
On Dec 16, 2014, at 2:19 PM, Christopher Morrow morrowc.li...@gmail.com
wrote:
zombie-thread!
On Thu, Dec 4, 2014 at 12:39 PM, John Curran jcur...@arin.net wrote:
t (i.e. exactly the opposite of your “my routing decisions are affected
and breakage happens” statement in your prior
On 5 Dec 2014, at 18:00, Nick Hilliard n...@foobar.org wrote:
On 05/12/2014 11:47, Randy Bush wrote:
and the difference is?
rpki might work at scale.
ohhh noo!
So if e.g. ARIN went offline or signed some broken
data which caused Joe's Basement ISP in Lawyerville to go offline
On Dec 6, 2014, at 3:27 AM, Alex Band al...@ripe.net wrote:
If ARIN (or another other RIR) went offline or signed broken data, all signed
prefixes that previously has the RPKI status Valid, would fall back to the
state Unknown, as if they were never signed in the first place. The state
i run rtconfig to take irr data and auto-install the fiter in my router
i run rpki-rtr to take rpki date and auto-install the fiter in my router
and the difference is?
you ean we made the second easier and more automatable? well then run
the rpki data into the handy dandy roa to irr filter and
On 05/12/2014 11:38, Randy Bush wrote:
and the difference is?
rpki might work at scale.
Nick
On Fri, 5 Dec 2014, Randy Bush wrote:
and the difference is?
rpki might work at scale.
ohhh noo!
fwiw, we had a script set running which took a route views dump,
created an ersatz roa set covering the whole table, and fetched it
into a small router or two.
which
fwiw, we had a script set running which took a route views dump,
created an ersatz roa set covering the whole table, and fetched it
into a small router or two.
which implementation?
dragon labs
randy
On Dec 5, 2014, at 6:38 AM, Randy Bush ra...@psg.com wrote:
i run rtconfig to take irr data and auto-install the fiter in my router
i run rpki-rtr to take rpki date and auto-install the fiter in my router
and the difference is?
Not much - that's very likely why RIPE's IRR terms and
On 05/12/2014 11:47, Randy Bush wrote:
and the difference is?
rpki might work at scale.
ohhh noo!
rtconfig + prefix lists were never going to work at scale, so rpsl based
filters were mostly only ever deployed on asn edges rather than dfz core
inter-as bgp sessions. This meant that
rpki might work at scale.
ohhh noo!
rtconfig + prefix lists were never going to work at scale, so rpsl based
filters were mostly only ever deployed on asn edges rather than dfz core
inter-as bgp sessions. This meant that the damage that a bad update might
cause would be relatively
On Thu, 04 Dec 2014 09:57:05 -0500, Andrew Gallo said:
In the past few months, I've spoken with, or heard second hand, from a
number of organizations that will not or cannot sign ARIN's RPKI Relying
Agreement.
Do we have a handle on *why* organizations are having issues with the
agreement?
On Thu, Dec 4, 2014 at 10:04 AM, valdis.kletni...@vt.edu wrote:
On Thu, 04 Dec 2014 09:57:05 -0500, Andrew Gallo said:
In the past few months, I've spoken with, or heard second hand, from a
number of organizations that will not or cannot sign ARIN's RPKI Relying
Agreement.
Do we have a
On Thu, Dec 4, 2014 at 10:21 AM, Christopher Morrow
morrowc.li...@gmail.com wrote:
On Thu, Dec 4, 2014 at 10:04 AM, valdis.kletni...@vt.edu wrote:
On Thu, 04 Dec 2014 09:57:05 -0500, Andrew Gallo said:
In the past few months, I've spoken with, or heard second hand, from a
number of
Honestly, that's what I'm trying to figure out as well. In my informal
conversations, what I got was that lawyers read the agreement, said 'no,
we wont sign it' and then dropped it. If specific legal feedback isn't
making it back to ARIN, then we need to start providing it, otherwise,
the
On Dec 4, 2014, at 7:35 AM, Andrew Gallo akg1...@gmail.com wrote:
In my informal conversations, what I got was that lawyers read the agreement,
said 'no, we wont sign it' and then dropped it. If specific legal feedback
isn't making it back to ARIN, then we need to start providing it,
All
On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock wo...@pch.net wrote:
On Dec 4, 2014, at 7:35 AM, Andrew Gallo akg1...@gmail.com wrote:
In my informal conversations, what I got was that lawyers read the
agreement, said 'no, we wont sign it' and then dropped it. If specific
legal feedback
On Dec 4, 2014, at 7:35 AM, Andrew Gallo akg1...@gmail.com wrote:
In my informal conversations, what I got was that lawyers read
the agreement, said 'no, we wont sign it' and then dropped it. If
specific legal feedback isn't making it back to ARIN, then we
need to start providing it,
Hi
- Original Message -
From: Ca By cb.li...@gmail.com
On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock wo...@pch.net wrote:
All the specific legal feedback I’ve heard is that this is a
liability
nightmare, and that everyone wants ARIN to take on all the
liability, but
nobody wants
On 12/4/2014 11:22 AM, William Herrin wrote:
On Dec 4, 2014, at 7:35 AM, Andrew Gallo akg1...@gmail.com wrote:
In my informal conversations, what I got was that lawyers read
the agreement, said 'no, we wont sign it' and then dropped it. If
specific legal feedback isn't making it back to ARIN,
On Thu, Dec 4, 2014 at 11:22 AM, William Herrin b...@herrin.us wrote:
On Thu, Dec 4, 2014 at 10:51 AM, Bill Woodcock wo...@pch.net wrote:
All the specific legal feedback I’ve heard is that this is a liability
nightmare,
and that everyone wants ARIN to take on all the liability, but nobody
Hello,
On 12/4/2014 2:33 PM, Andrew Gallo wrote:
On 12/4/2014 11:22 AM, William Herrin wrote:
Understood and good point. I've heard rumblings of setting up a
non-ARIN TAL, though I wonder what the value is in separating RPKI from
the registry. Wouldn't this put us in the same position
Hello,
On 12/4/2014 2:33 PM, Andrew Gallo wrote:
On 12/4/2014 11:22 AM, William Herrin wrote:
Understood and good point. I've heard rumblings of setting up a
non-ARIN TAL, though I wonder what the value is in separating RPKI from
the registry. Wouldn't this put us in the same position
On 12/4/14, 10:35 AM, Andrew Gallo akg1...@gmail.com wrote:
Honestly, that's what I'm trying to figure out as well. In my informal
conversations, what I got was that lawyers read the agreement, said 'no,
we wont sign it' and then dropped it. If specific legal feedback isn't
making it back to
On Dec 4, 2014, at 11:35 AM, Christopher Morrow morrowc.li...@gmail.com wrote:
...
Maybe it would be helpful for the ARIN Counsel to document in a more
public way (than the RPA) what the concerns are and how that
translates into 'different risk than the publication of whois data' ?
This is
On Dec 4, 2014, at 12:32 PM, George, Wes wesley.geo...@twcable.com wrote:
Those are operational matters, implemented by the staff, governed by the
board, who is informed by their legal council and staff. That is part of
the reason why I brought some of the issues to the NANOG community, since
On Dec 4, 2014, at 12:53 PM, John Curran jcur...@arin.net wrote:
On Dec 4, 2014, at 12:32 PM, George, Wes wesley.geo...@twcable.com wrote:
Those are operational matters, implemented by the staff, governed by the
board, who is informed by their legal council and staff. That is part of
the
Bill Woodcock wo...@pch.net writes:
On Dec 4, 2014, at 7:35 AM, Andrew Gallo akg1...@gmail.com wrote:
In my informal conversations, what I got was that lawyers read the
agreement, said 'no, we wont sign it' and then dropped it. If
specific legal feedback isn't making it back to ARIN, then
On Dec 4, 2014, at 1:01 PM, Jared Mauch ja...@puck.nether.net wrote:
I am happy to champion the change that you seek (i.e. will get it reviewed
by legal and brought before the ARIN Board) but still need clarity on what
change you wish to occur -
A) Implicit binding to the
On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock wo...@pch.net wrote:
All the specific legal feedback I’ve heard is that this is a
liability
nightmare, and that everyone wants ARIN to take on all the
liability, but
nobody wants to pay for it.
WG] Has there been any actual discussion
Comparing what you do with Time Warner cable seems like pure hyperbole and
an attempt
as CEO to inflame community discussion at minimum.
Actually, it is to remind folks that such indemnification language is
sought by most ISPs, despite their services being used in a mission
critical mode
On 4 Dec 2014, at 18:53, John Curran jcur...@arin.net wrote:
On Dec 4, 2014, at 12:32 PM, George, Wes wesley.geo...@twcable.com wrote:
Those are operational matters, implemented by the staff, governed by the
board, who is informed by their legal council and staff. That is part of
the
On Dec 4, 2014, at 10:17 AM, George, Wes wesley.geo...@twcable.com wrote:
WG] Has there been any actual discussion about how much nobody would
have to pay for ARIN (or another party) to fix the balance of liability
and provide a proper SLA that led to no, I don't want to pay for that
On 12/4/14, 1:13 PM, John Curran jcur...@arin.net wrote:
I am happy to champion the change that you seek (i.e. will get it
reviewed
by legal and brought before the ARIN Board) but still need clarity on
what
change you wish to occur -
A) Implicit binding to the indemnification/warrant
On Dec 4, 2014, at 1:34 PM, Bill Woodcock wo...@pch.net wrote:
On Dec 4, 2014, at 10:17 AM, George, Wes wesley.geo...@twcable.com wrote:
WG] Has there been any actual discussion about how much nobody would
have to pay for ARIN (or another party) to fix the balance of liability
and provide
On Dec 4, 2014, at 11:11 AM, Robert Seastrom r...@seastrom.com wrote:
I suspect you would get a similar answer if you asked people Would you be
willing to pay ARIN for whois services or would you be willing to pay ARIN
for in-addr.arpa services”.
Actually, since those are relatively
On Dec 4, 2014, at 12:39 PM, John Curran jcur...@arin.net wrote:
On Dec 4, 2014, at 11:35 AM, Christopher Morrow morrowc.li...@gmail.com
wrote:
Note that the claims that could ensue from an operator failing to follow best
practices
and then third-parties suffering an major operational
On Dec 4, 2014, at 1:19 PM, Jared Mauch ja...@puck.nether.net wrote:
I (similar to Rob) have my own concerns about RPKI but do feel that
this is an ARIN specific construct/wall that has been raised without
action yet from ARIN.
Jared -
Please be specific - are you referring to the
On Thu, 04 Dec 2014 11:17:34 -0800, Bill Woodcock said:
the RPKI costs are many orders of magnitude higher
Orders of magnitude? Seriously? I can buy it costs 2x or 3x.
But an additional 2 or 3 zeros on the price?
pgp_PXDy5bSuP.pgp
Description: PGP signature
On Dec 4, 2014, at 11:21 AM, valdis.kletni...@vt.edu wrote:
On Thu, 04 Dec 2014 11:17:34 -0800, Bill Woodcock said:
the RPKI costs are many orders of magnitude higher
Orders of magnitude? Seriously? I can buy it costs 2x or 3x.
But an additional 2 or 3 zeros on the price?
Yep, that’s
Am I correct in thinking that the SIDR work going on in the IETF takes the
registries out of the real-time processing of route
authentication/attestation?
Is RPKI a stop-gap while we wait for full path validation? Should we be
focusing our energies in that area?
On Thu, Dec 4, 2014 at 2:19 PM,
On 12/4/14, 1:34 PM, Bill Woodcock wo...@pch.net wrote:
I’ve asked a lot of people, “Would you be willing to pay ARIN for RPKI
services,” and the answer has always been “no.” Until I get a “yes,”
it’s hard to put a number (other than zero) on how the market values
RPKI.
WG] well, if it wasn't
On Dec 4, 2014, at 11:33 AM, Jared Mauch ja...@puck.nether.net wrote:
the fact it’s taken 3 months to reach the board is of concern
Jared, ARIN is now nine years in to applying thrust to this pig. The board
does in fact revisit it with some frequency, since it’s expensive and the
primary
On Thu, 04 Dec 2014 11:28:42 -0800, Bill Woodcock said:
On Dec 4, 2014, at 11:21 AM, valdis.kletni...@vt.edu wrote:
Orders of magnitude? Seriously? I can buy it costs 2x or 3x.
But an additional 2 or 3 zeros on the price?
Yep, thats why all this is at issue. If it were cheap, and
On 12/4/14, 2:34 PM, Andrew Gallo akg1...@gmail.com wrote:
Am I correct in thinking that the SIDR work going on in the IETF takes the
registries out of the real-time processing of route
authentication/attestation?
WG] no, but they're at least discussing ways of making the dependencies
less
On 12/4/14, 2:19 PM, Sandra Murphy sa...@tislabs.com wrote:
Which begs the question for me -- ARIN already operates services that
operators rely upon. Why are they different? Does ARIN run no risk of
litigation due to some perceived involvement of those services in
someone's operational
This pig is less aerodynamic, and fewer people are pushing.
In-addr DNS and whois are simple and well-understood protocols, with many
programmer-years of software development behind them.
The problem isn't the marginal cost of a single transaction, that might only be
one or two orders of
On Dec 4, 2014, at 2:41 PM, Bill Woodcock wo...@pch.net wrote:
On Dec 4, 2014, at 11:33 AM, Jared Mauch ja...@puck.nether.net wrote:
the fact it’s taken 3 months to reach the board is of concern
Jared, ARIN is now nine years in to applying thrust to this pig. The board
does in fact
On Dec 4, 2014, at 2:33 PM, Jared Mauch ja...@puck.nether.net wrote:
the fact it’s taken 3 months to reach the board is of concern to me for an
issue
that was raised (prior to the October meeting) by operators, andwhere you
were an active part of the discussion afterwards in the back of the
On Dec 4, 2014, at 2:19 PM, Sandra Murphy sa...@tislabs.com wrote:
...
Which begs the question for me -- ARIN already operates services that
operators rely upon. Why are they different? Does ARIN run no risk of
litigation due to some perceived involvement of those services in someone's
50 matches
Mail list logo