...
> Ok, then I'll continue with my line of thinking.
> From the RIR stats files that RIRs publish daily we could get the
> numbers of distinct resource holders. They are:
> AFRINIC 1310
> APNIC 7957
> ARIN 35380
> LACNIC 4278

What is the definition of a "distinct resource holder?" Does this
correspond to an account with the RIR, or is there some other definition?

> Now, these are only the first level resource holders under RIRs. They
> all *must* have their own CAs in order to participate in RPKI.
> However, many of these first-level resource holders are NIRs

Many are NIRs? There are not many NIRs in the world, and today the ones
in APNIC (the region with the most NIRs) act as RAs, not CAs. So it's
not clear that one should be counting them.

> or LIRs, who distribute resources further down to their clients. They
> could choose to manage their clients' RPKI objects within their single
> CA, but could also give their clients their own certificates, creating
> the next level of CA hierarchy.

The distinction you cite here is not quite correct. Even if an LIR
manages RPKI objects for folks to whom they have sub-allocated
resources, each of those folks is represented by a CA. The question is
who runs that CA, and whether the CA's pub point lives in a different
repository.

> I find it difficult to estimate how many LIRs will do this, and for
> how many of their clients. But for RIPE NCC I could see that the
> number of organisation objects in RIPE DB is 70746, and that should be
> the upper bound of the number of CAs in our region. I don't have that
> number for other regions, and don't know if it's applicable in the
> same way, especially where NIRs are present.

NIRs are probably not relevant in this counting approach.

Steve