[sidr] ARIN RPA presentation - Comments from ARIN

Fri, 09 Nov 2012 06:54:37 -0800 

Sandra - 

Regarding http://tools.ietf.org/agenda/85/slides/slides-85-sidr-14.pdf to be 
presentated
later today:

Page 10 -
> Potential Impact
> 
> • Operators have said to me “I don’t want to run anything.  I just want to 
> click on a website somewhere”
> 
> • There are already tools/sites that display stats and summaries
> 
> • There are already tools/sites that display the certification status of 
> prefixes, that display the validity of BGP routes, etc.
> 
> • Public services like Looking glass sites – extensions to report validity
> 
> • Are these modes of use permitted under the ARIN RPA

I'd like it made clear during the presentation that indeed a strict reading of 
the current 
ARIN RPA would disallow such applications, but as noted earlier in this list, 
ARIN is 
quite willing to provide waiver for such statistic, status, and summary uses.  
If we 
can find a way to safely provide a blanket waiver in a future RPA, we will do 
so.

Page 13 - 
> Object Security Architecture & Use
> 
> • Single authoritative source
> 
>       • –  Transport security: source is single point of access
> 
>       • –  Object security: Objects created by source can be mirrored by 
> anyone anywhere – global caches, regional, metro, ...
> 
> • Would the ARIN RPA prevent this object security architecture and use


I would also like it made clear during the presentation that the ARIN RPA does 
_not_ 
prevent the object security architecture, but does require that the 
participants in the 
model confirm _once_ that they follow the basic requirement of the PKIX 
architecture
(per RFC 5280) of being aware of the applicable policy for ARIN's CA.  Parties 
are free 
to replicate objects far and wide by any and all methods; it is simply 
validation that 
requires that they have accepted the RPA in the process of obtaining the TAL 
(which
presumably occurs once during their initial setup.)

In light of the above, I believe that the slides that follow ("Crazy Ideas to 
Reduce Impact")
are both appropriately titled and are likely to have questionable 
effort/payback ratios.

I apologize for sending these comments to the list rather than providing them 
via remote
participation methods, but given the number and duration of sidr sessions 
today, I cannot
be certain that I'll be online during the your presentation.

Thanks!
/John

John Curran
President and CEO
ARIN

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr

Reply via email to