nanog mailing list archives

Re: constraining RPKI Trust Anchors

From: "Delong.com via NANOG" <nanog () nanog org>
Date: Wed, 11 Oct 2023 12:14:28 -0700

Isn’t this sort of related to the AS-0 ROA effort a while back (except some of the RIRs rejected it, unfortunately)?

I suspect that the same reasons behind rejection of AS-0 will also apply to RIR implementation of something like this, 
so plans to address that (and revive AS-0 perhaps) might also be a worthy effort.

Owen

On Oct 11, 2023, at 01:01, Martin Pels <martin+nanog () rodecker nl> wrote:

Hi Job,

I think this is important work.

As you indicated in your mail you have spent quite some time compiling the constraints files in the appendix. Keeping 
them up to date requires tracking allocations and policy developments in all RIRs. It reminds me of bogon filters for 
unallocated IP space, and the associated problems of networks not updating them[0].

So while each RP should be able to make policy decisions based on its own local criteria, managing a default set of 
constraints is something that is best done centralized. Who do you envision should manage these lists? RP software 
maintainers? RIRs? Others?

[0] https://archive.nanog.org/meetings/nanog33/presentations/deitrich.pdf, slide 4

Kind regards,
Martin

Current thread:

Re: constraining RPKI Trust Anchors Martin Pels (Oct 11)
- Re: constraining RPKI Trust Anchors Delong.com via NANOG (Oct 11)
- Re: constraining RPKI Trust Anchors Job Snijders via NANOG (Oct 11)
- Re: constraining RPKI Trust Anchors Randy Bush (Oct 11)
  - Re: constraining RPKI Trust Anchors Joelja Bogus (Oct 12)