Re: ARIN / RIR Pragmatism (WAS: Re: RADB)

[Danny McPherson <danny () tcb net>]

On 2014-10-25 06:57, Sandra Murphy wrote:
> Other RIR based RIRs have the same ability to protect prefixes in
> their realm of control.  (See RFC 2725 RPSS)(*)  (I think that APNIC
> is doing pretty much as RIPE is.)
>
> Even RIPE is not secure for prefixes outside their region.  (There's
> one maintainer that anyone can use to register anything for resources
> outside the region - password publicly available, etc.)
>
> Non-RIR based IRRs do not have the ability to tie the register-er to
> authority for the resource, so they have no base on which to build 
> the
> RIPE sort of security.

Those are fair points Sandy, I agree they need to be resolved.

It's just that RPKI feels like a _really heavy solution to _that 
problem.  That said, if that problem were solved nearly all of what I 
care about with regard to routing security (and inter-domain 
anti-spoofing) could be addressed.

-danny