This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[ncc-services-wg] RPKI Resource Certification: building features
- Previous message (by thread): [ncc-services-wg] RPKI Resource Certification: building features
- Next message (by thread): [ncc-services-wg] RPKI Resource Certification: building features
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alex Band
alexb at ripe.net
Tue Oct 5 10:51:04 CEST 2010
On 4 Oct 2010, at 23:18, Randy Bush wrote: >> 1) We have not implemented support for this yet. We plan to go live >> with the fully hosted version first and extend it with support for >> non-hosted systems around Q2/Q3 2011. > > this is a significant slip from the 1q11 we were told in prague. care > to explain. Let me run you through the roadmap and the motivation for our choices at RIPE61. In short, everything we do is about providing *value* for our membership and the community. This means that with the resources we have, we have to make a choice between (1) offering a solution with every feature under the sun, but contains little value and usability or (2) we choose to do a phased approach where the entry barrier into the system is low, hassle is taken away from the operator, value and user-friendlyness is high while still being standards compliant and keeping the operator in the driver's seat. Soon we'll get to the full package where all options, like running your own CA, are available. It perhaps just isn't done in the order that a purist would like to see. Let me illustrate with two examples: I've delivered full day training courses on Routing Registry and DNSSEC. With the RR course, by the time I was done explaining how to use the IRRToolset to aid in making routing decisions based on the IRR, people had given up and decided that doing it manually was easier. Like you said at RIPE60: "people are voting with their feet." In the DNSSEC training, by the time I was done explaining how to do a manual key roll-over, most LIRs decided 'this is not for me, the cure is worse than the disease'. This is why I want to get back to my original point, Randy. You agreed in your first reply to me that something has to be done to create an easy way to get started with the system. We can provide a full, standards-compliant solution with up/down and every other feature, but how is that going to get all ~350,000 prefixes and ~35,000 ASs into the system with ROAs? Manually? I proposed an IRR+BGP import system as a value-added tool to help a network operator get started making ROAs. That's a pretty good starting point. Where do you suggest we go from here? Of course I appreciate everyone else's response to this thread as well! :) Cheers, -Alex
- Previous message (by thread): [ncc-services-wg] RPKI Resource Certification: building features
- Next message (by thread): [ncc-services-wg] RPKI Resource Certification: building features
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]