nanog mailing list archives

Re: [proj-bgp] adding graphs for actually unreachable RPKI INVALID prefixes to RPKI Monitor?


From: "Montgomery, Douglas (Fed)" <dougm () nist gov>
Date: Tue, 18 Sep 2018 14:47:40 +0000

Michel,

First, thanks for your continued support as a taxpayer.

Second, in general our mission is limited to supporting the development and promulgation of consensus standards and the 
development of test / measurement methods and guidance to accelerate their adoption.   In particular we are not well 
positioned to provide operational Internet services of the nature you describe.

Of course what you describe would not be hard to do if some commercial or other organization wished to do so .... with 
the following caveats:

1.  You should follow the discussion of draft-ietf-sidrops-validating-bgp-speaker which proposed standardizing an 
approach to doing what you suggest.  Many on this thread think that it is a counterproductive idea to do this.  See 
discussion starting here:

https://mailarchive.ietf.org/arch/msg/sidrops/6lDz5dI-jg-OhpGR4xKRZ6lYZRA

2. There are some legal issues regarding the redistribution of machine readable RPKI data/results to third parties.  
See below section 5 Prohibited Conduct:

https://www.arin.net/resources/rpki/rpa.pdf


What we can do is continue to contribute to the development of standards, produce prototypes and test and measurement 
tools and publish deployment guidance to help foster adoption.  For example see the following draft publication:
https://www.nccoe.nist.gov/projects/building-blocks/secure-inter-domain-routing

You mention other suggestions of how we can improve test and measurement services.  We welcome all input on that.  
Maybe contact me off list and we can discuss the other ideas.


Thanks,
dougm
--
Doug Montgomery, Manager Internet  & Scalable Systems Research @ NIST
 

On 9/17/18, 11:04 PM, "Michel Py" <michel.py () tsisemi com> wrote:

    Doug,
    
    > Montgomery, Douglas wrote :
    > The new monitor has significant additions in the areas of diagnostics, and highlights issues of
    > interest such as path / customer cone analysis of prefixes that cover invalid originations.
    
    Thanks for all the work. More visibility will help. I have made some private suggestions to how you could enhance the service, and I would add one:
    provide a BGP feed available to the public with invalid RPKI prefixes with a distinct BGP community describing why the prefix is invalid.
    
    We are in an impossible situation where ISPs don't want to discard invalid RPKI prefixes because they can't deal with the customer backlash of doing it; nothing to gain, money to lose. Money wins.
    
    There is another side of this coin, though : you are a government employee. I pay you.
    As a taxpayer, I think the US government should provide a better service to US companies with the RPKI collected data. Analysis without action is interesting, but not always federal funding.
    
    Best regards,
    
    Michel.
    
    

