[routing-wg] New on RIPE Labs: Resource Certification (RPKI) Data Quality and Usage

> there was once a time, I liked your brief statements. This one is now
> so brief and cryptic that I simply don't fully get the message between
> the lines.

i suspect the problem here is not brevity but rather understanding of
the origin validation work and perception of the social and technical
function of the ncc.

>> https://labs.ripe.net/Members/AlexBand/resource-certification-rpki-in-the-real-world
>>> 
>>> We are considering changing the interface to make ROAs only valid for
>>> a limited time, for example one year. This means that at least once a
>>> year, ROAs need to be reviewed and renewed by the operator, giving
>>> them a chance to compare the ROAs against real-world BGP.
>> 
>> we think you should be doing something annually.  so to force you into
>> doing so, we will break your network unless you do it.  fracking
>> brilliant!

let us remember that, once upon a time, ripe and the ncc had an oft-
repeated statement that they were not at all involved in routing.  this
was seen as good.  to me, it still is.

unfortunately, because it is based on authentication of the address
allocation hierarchy, the rpki involves the rirs and nirs.  as this
hierarchy is used to authenticate *routing* objects, rpki roas, this
involves the rirs/nirs in routing.

the statement i quoted from the url above is a really scary example of
an rir saying they will use a threat to routing to *encourage* what
they see as desirable social behavior.  i am utterly uninterested in
whether that social behavior is desirable or not.  i am exceedingly
disturbed that a threat to my routing is used to affect social behavior.

and remember, a roa is not even allocation certification.  it is an
object i ask to have created to express an aspect of my routing policy.

a mediocre anolog: should all route: and route6: objects be deleted from
whois/irr if they have not been updated in a year?

randy