Stephen Kent wrote:
> At 2:33 AM -0400 10/7/08, Brian Dickson wrote:
>> G...
>>
>> I'm not sure if any or all of these kinds of use cases are appropriate,
>> but if any of them are, they may serve to demonstrate the compactness
>> achievable with this representation.
>>
>> Examples:
>> RIR->LIR, RIR has certain specific policies it wishes to enforce
>> regarding LIR assignments to end-users -- anything bigger than /X
>> requires justification (i.e. approval) and registration (i.e. ROA).
>> Either RIR has to create a large swath of ROAs, each of size /X, or it
>
>
> When I got to this statement, I became very concerned. A ROA is
> generated by a prefix holder to specify an AS that the prefix holder
> authorizes to originate a route to the prefix in question. Thus, an
> RIR (or NIR) should never be signing a ROA. Only ISPs and subscribers
> who are multi-homed or who have PI address space should be generating
> ROAs.
>
> I didn't read the rest of your message to validate the other examples
> you offered, but this one seems seriously out of whack.

I think there are definitely boundary issues on "who owns IP space" that are very relevant, and very timely.

Yes, I understand that "who owns" the space is "who generates the ROA".

My question is, if the RIR's policy is that the RIR owns the space, not the ISP, what then?

Nothing in the framework can or should mandate what an RIR does. (RIRs may take guidance, but are ultimately responsive to their membership, not the IETF.)

Case in point - the "IP Transfer Policy for IPv4" issue, in the ARIN region (and likely mirrored in the other RIR regions)... (You may want to take a look at the ARIN public policy mailing list archives, if you aren't already on that list.)

The main issue is, if IP space is *fully* under the control of the ISP, then that ISP can assign the whole block to some third party, e.g. for money (aka, "sell" or "rent" the block).

Compare that to the model where the RIR *never* gives full control of the block, but instead signs an ROA with the ISP's ASN listed as being allowed to originate it, possibly with more-specifics.

It differs from the current model, but then, everything about ROAs differs from the current model.

So, I don't believe my example is "out of whack" at all, and is something that might not have been considered, but is definitely an unresolved and important issue.

Brian
