Chris, On September 7, 2016 at 4:42:21 AM, Christopher Morrow ([email protected]) wrote: I don't disagree that running a CA is 'simple'... I think though that if the RIRs are in a position where there won't be a single root above them 'for a while' (it's been ~10 yrs at this point) but they feel they need to move forward with something, is this direction acceptable? is it better to document that decision and it's gotchas than to not move forward at all? or to 'continue waiting for the single root' to arrive? For blood pressure spiking reasons, I have been trying to keep out of this discussion, but this put me over the edge.
As far as I am aware, ICANN as the IANA Internet Numbering Functions Operator, has been and continues to be willing to provide RPKI "single root" services. In point of fact, ages ago, I personally authorized non-trivial expenditures (including hiring staff) to set up and deploy a working RPKI root pilot to allow the RIRs to test working with a single root as directed by the IAB in https://www.iab.org/documents/correspondence-reports-documents/docs2010/iab-statement-on-the-rpki/: "Thus, the IAB strongly recommends a single root aligned with the root of the address allocation hierarchy (now part of the IANA function). " After said testbed deployment, I was informed that none of the RIRs were interested in participating in the tests. I will admit a high level of amazement and not a small amount of disappointment at the fascinating level of complexity being created in order to avoid a single root. This is not technical. Regards, -drc
signature.asc
Description: Message signed with OpenPGP using AMPGpg
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
