Re: Reaching out to ARIN members about their RPKI INVALID prefixes

[Christopher Morrow <morrowc.lists () gmail com>]

On Wed, Sep 19, 2018 at 1:19 AM Job Snijders <job () instituut net> wrote:

> On Wed, Sep 19, 2018 at 01:07:42AM -0700, Christopher Morrow wrote:
> > > it is about whether it is acceptable that RIRs (and more
> > > specifically ARIN in this mailing list's context) notify affected
> > > parties of their prefixes that suffer from stale ROAs.
> >
> > This I still think is a bad plan.. mostly because I don't think it'll
> > help :( I think what helps is: "Oh, I cant get to <foo> and <bar> and
> > <most of the internet>" .... I think folk that CARE will do the right
> > thing, folk that 'think they care' won't and will soon get
> > disconnected from the tubez.
> >
> > I apologize a tad if my view that: "breaking people will force them to
> > fix themselves" is .... rough :(
>
> What about an one-off outreach effort?
first I'm certainly happy about any progress on the 'RPKI DONE RIGHT'
direction, and specifically Job you as a person have made some awesome
progress here getting IXP/ISP folk to move to OV and RPKI deployments, and
adding RPKI/ROA data into the NTT IRR.

but.. I'm skeptical of distinct efforts like this.
I think something like (I think these folk still offer this service: "bgp
monitoring") BgpMon's monitoring service is what we should aim for: "A
service that RPKI users have signed up for"

Else: "ends up in spam folder" :(


> We need to somehow kickstart the feedback loop, especially if we expect
> effects to become forceful. I'm hoping that if the invalid count is low
> enough it'll become more attractive for more people flip the switch and
> deploy OV.
Sure.... but: "can not access a majority of the internet?" seems like a
good signal to the affected folks.



> Kind regards,
>
> Job