So, one of my concerns with SIDR and its current scope is this, which I'd very much like some clue about...

Today RIRs allocate address space and AS numbers but have NO controls over the routing system. IRRs are used for routing policy specification, and ideally, data in IRRs is used to derive router configuration elements. If SIDR is deployed in some manner, RIRs (and possibly IANA) would have the ability to control what gets routed, and that's a capability that's never existed before, and one that I would suspect operators take considerable issue with.

For example, if operators subscribe to a SIDR model and an RIR gets owned and an allocation revoked, or if they happen to make a mistake that results in the same, or some bill non-payment issue arises, or can't publish an update and one expires, or whatever, then the result would be that the associated routing for the concerned prefixes would break. That's never been a threat vector before for ISPs. They wholly control and authorize what they announce.

What's worse is regarding who holds those keys. If some country holding the keys (TA) goes to war with another and decides they want to revoke all of their allocations, then ISPs would have zero control over this outside of their own routing domain. One might argue this is part of the reason why DNSSEC raises deployment concerns for some, and has driven folks like .cn to deploy their own root.

In my mind, a web of trust model for the routing system better mirrors what we've got today. Allocation authentication is necessary, but just that. IRRs and RPSL or even some back end route server type functions down the road, else we'll never get deployment of this.

So, I'm sure suspect I'm missing something here, could folks please help me better understand both incremental deployment models and how the above isn't an issue?

Thanks!

-danny

_______________________________________________
Sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
