nanog mailing list archives

Re: ARIN RPKI TAL deployment issues


From: Tony Tauber <ttauber () 1-4-5 net>
Date: Tue, 25 Sep 2018 16:14:11 -0400

Sounds reasonable to me but IANAL, nor an RIR, nor an IXP.

IXPs however do seem to be the sites of some number of recent
mis-originations (putting it as charitably as possible).

Let's try and make it harder for bad actors to do their mischief.

Thanks,
Tony


On Tue, Sep 25, 2018 at 3:36 PM Job Snijders <job () ntt net> wrote:

On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
On Sep 25, 2018, at 1:30 PM, Job Snijders <job () ntt net> wrote:

   """Using the data, we can also see that the providers that have not
   downloaded the ARIN TAL. Either because they were not aware that
   they needed to, or could not agree to the agreement they have with
   it.

Is it possible to ascertain how many of those who have not downloaded
the ARIN TAL are also publishing ROA’s via RIPE’s CA?

I'm sure we could extend the data set to figure this out. But given the
assymmetric relation between applying Origin Validation based on RPKI
data and publishing ROAs, the number will be between 0% and 100% and
over time may go up or down. So, out of curiosity, what is your
underlaying question?

(An example: a route server operator generally doesn't originate any BGP
announcements themselves, but route servers are in an ideal position to
perform RPKI based BGP Origin Validation.)

What I'm hoping for is that there is a way for the ARIN TAL to be
included in software distributions, without compromising ARIN's legal
position.

Perhaps an exception for software distributors would already go a long
way?

    "You can include the ARIN TAL in your software distribution as long
    as you also include an unmodified copy of the
    https://www.arin.net/resources/rpki/rpa.pdf file alongside it."

Kind regards,

Job


Current thread: