This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[routing-wg] New on RIPE Labs: Resource Certification (RPKI) Data Quality and Usage
- Previous message (by thread): [routing-wg] New on RIPE Labs: Resource Certification (RPKI) Data Quality and Usage
- Next message (by thread): [routing-wg] New on RIPE Labs: Resource Certification (RPKI) Data Quality and Usage
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Randy Bush
randy at psg.com
Fri Feb 24 08:15:25 CET 2012
> there was once a time, I liked your brief statements. This one is now > so brief and cryptic that I simply don't fully get the message between > the lines. i suspect the problem here is not brevity but rather understanding of the origin validation work and perception of the social and technical function of the ncc. >> https://labs.ripe.net/Members/AlexBand/resource-certification-rpki-in-the-real-world >>> >>> We are considering changing the interface to make ROAs only valid for >>> a limited time, for example one year. This means that at least once a >>> year, ROAs need to be reviewed and renewed by the operator, giving >>> them a chance to compare the ROAs against real-world BGP. >> >> we think you should be doing something annually. so to force you into >> doing so, we will break your network unless you do it. fracking >> brilliant! let us remember that, once upon a time, ripe and the ncc had an oft- repeated statement that they were not at all involved in routing. this was seen as good. to me, it still is. unfortunately, because it is based on authentication of the address allocation hierarchy, the rpki involves the rirs and nirs. as this hierarchy is used to authenticate *routing* objects, rpki roas, this involves the rirs/nirs in routing. the statement i quoted from the url above is a really scary example of an rir saying they will use a threat to routing to *encourage* what they see as desirable social behavior. i am utterly uninterested in whether that social behavior is desirable or not. i am exceedingly disturbed that a threat to my routing is used to affect social behavior. and remember, a roa is not even allocation certification. it is an object i ask to have created to express an aspect of my routing policy. a mediocre anolog: should all route: and route6: objects be deleted from whois/irr if they have not been updated in a year? randy
- Previous message (by thread): [routing-wg] New on RIPE Labs: Resource Certification (RPKI) Data Quality and Usage
- Next message (by thread): [routing-wg] New on RIPE Labs: Resource Certification (RPKI) Data Quality and Usage
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]