nanog mailing list archives
Re: constraining RPKI Trust Anchors
From: Martin Pels <martin+nanog () rodecker nl>
Date: Wed, 11 Oct 2023 10:01:53 +0200
Hi Job, I think this is important work.As you indicated in your mail you have spent quite some time compiling the constraints files in the appendix. Keeping them up to date requires tracking allocations and policy developments in all RIRs. It reminds me of bogon filters for unallocated IP space, and the associated problems of networks not updating them[0].
So while each RP should be able to make policy decisions based on its own local criteria, managing a default set of constraints is something that is best done centralized. Who do you envision should manage these lists? RP software maintainers? RIRs? Others?
[0] https://archive.nanog.org/meetings/nanog33/presentations/deitrich.pdf, slide 4
Kind regards, Martin
Current thread:
- Re: constraining RPKI Trust Anchors Martin Pels (Oct 11)
- Re: constraining RPKI Trust Anchors Delong.com via NANOG (Oct 11)
- Re: constraining RPKI Trust Anchors Job Snijders via NANOG (Oct 11)
- Re: constraining RPKI Trust Anchors Randy Bush (Oct 11)
- Re: constraining RPKI Trust Anchors Joelja Bogus (Oct 12)