nanog mailing list archives
Re: RPKI (was: Re: Cogent sales reps who actually respond)
From: Martijn Schmidt via NANOG <nanog () nanog org>
Date: Tue, 17 Sep 2019 22:40:24 +0000
Hi Ronald, I think we have to place our trust somewhere somehow.. I certainly don't have the time nor the skill-set which would be needed to perform due diligence on the ownership of every IP block on the Internet, and though you make a laudable effort of it yourself this responsibility can't be borne in its entirety by one volunteering person. It just doesn't scale. Given that there is (or should be) an unbroken chain of contracts and payments from IANA to RIR (to NIR) to LIR and beyond for all non-legacy resources, I'd say they are in a pretty good position to take care of the due diligence work to validate an organisation's ownership as well as its associated resources and subsequently publish the result through a cryptographic signature. If one of the RIRs or NIRs is not doing that job properly then we should (at first privately) call them out on it and push them to improve. Best regards, Martijn ________________________________ From: NANOG <nanog-bounces () nanog org> on behalf of Ronald F. Guilmette <rfg () tristatelogic com> Sent: 17 September 2019 23:48:06 To: nanog () nanog org <nanog () nanog org> Subject: RPKI (was: Re: Cogent sales reps who actually respond) In message <MN2PR17MB402947F79FD83ABB9BBF429B9E8F0 () MN2PR17MB4029 namprd17 prod outlook com>, Martijn Schmidt <martijnschmidt () i3d net> wrote:
Hi Elad, If you were to create RPKI ROAs for the IPs in question...
Thanks Martijn, for reminding me of a follow-up point that I had intended to make regarding my recent post about the 143.95.0.0/16 (Athenix) block. RPKI is the best we have and I cannot wait for the day when it will see universal deployment. But it isn't actually the 100% solution that everyone has been hoping it would be. As the case of the 143.95.0.0/16 block illustrates, if the RIR has itself been snookered into believing that party X actually owns party Y's block, then that's it. Game over, and RPKI doesn't help, because if the RIR believes that you own the block, and if you are insisting on driving it off the lot, right now, today, then they *are* going to give you the keys, even if the "keys", in future, will include some additional RPKI mumbo jumbo, along with WHOIS records reflecting your desired public persona, and reverse DNS delegation, etc. In short, it appears to me that RPKI only secures resources from the RIR outwards, and if there is a problem of either competency or trust within the RIR, then RPKI can't and won't solve that... ... but I feel sure that someone will correct me if I'm wrong. Regards, rfg
Current thread:
- Re: Cogent sales reps who actually respond, (continued)
- Re: Cogent sales reps who actually respond Tim Burke (Sep 22)
- Re: Cogent sales reps who actually respond Owen DeLong (Sep 22)
- RE: Cogent sales reps who actually respond Michel Py (Sep 23)
- Re: Cogent sales reps who actually respond Ronald F. Guilmette (Sep 16)
- Re: Cogent sales reps who actually respond Elad Cohen (Sep 17)
- Re: Cogent sales reps who actually respond Ronald F. Guilmette (Sep 17)
- Re: Cogent sales reps who actually respond Randy Bush (Sep 17)
- Re: Cogent sales reps who actually respond Martijn Schmidt via NANOG (Sep 17)
- RPKI (was: Re: Cogent sales reps who actually respond) Ronald F. Guilmette (Sep 17)
- Re: RPKI (was: Re: Cogent sales reps who actually respond) Christopher Morrow (Sep 17)
- Re: RPKI (was: Re: Cogent sales reps who actually respond) Martijn Schmidt via NANOG (Sep 17)
- Registration fraud (was Re: RPKI) Masataka Ohta (Sep 18)
- Re: Cogent sales reps who actually respond Elad Cohen (Sep 18)
- Re: Cogent sales reps who actually respond Martijn Schmidt via NANOG (Sep 17)
- Re: Cogent sales reps who actually respond Christopher Morrow (Sep 17)
- Re: Cogent sales reps who actually respond Patrick W. Gilmore (Sep 17)
- Re: Cogent sales reps who actually respond Christopher Morrow (Sep 17)
- Re: Cogent sales reps who actually respond Carlos Friaças via NANOG (Sep 17)
- Re: Cogent sales reps who actually respond Elad Cohen (Sep 18)
- Re: Cogent sales reps who actually respond Christopher Morrow (Sep 18)
- Elad Cohen (was: Re: Cogent sales reps who actually respond) Ronald F. Guilmette (Sep 18)