Re: constraining RPKI Trust Anchors

[Martin Pels <martin+nanog () rodecker nl>]

Hi Job,

I think this is important work.

As you indicated in your mail you have spent quite some time compiling 
the constraints files in the appendix. Keeping them up to date requires 
tracking allocations and policy developments in all RIRs. It reminds me 
of bogon filters for unallocated IP space, and the associated problems 
of networks not updating them[0].

So while each RP should be able to make policy decisions based on its 
own local criteria, managing a default set of constraints is something 
that is best done centralized. Who do you envision should manage these 
lists? RP software maintainers? RIRs? Others?

[0] 
https://archive.nanog.org/meetings/nanog33/presentations/deitrich.pdf, 
slide 4

Kind regards,
Martin