nanog mailing list archives

Re: constraining RPKI Trust Anchors

From: Joelja Bogus <joelja () bogus com>
Date: Thu, 12 Oct 2023 06:07:36 -0700


Sent from my iPhone

On Oct 11, 2023, at 15:29, Randy Bush <randy () psg com> wrote:


So while each RP should be able to make policy decisions based on its
own local criteria, managing a default set of constraints is something
that is best done centralized. Who do you envision should manage these
lists? RP software maintainers? RIRs? Others?


and how will this pain-to-maintain list be distributed?  how do i know
a copy is authentic not an attack?

i am all for a single root of trust.  it's just that i thought it was
the iana's job.  but i am easily confused.


Not clear to me how IANA constrains the behavior of the rirs either now or in the future.

randy

Current thread:

Re: constraining RPKI Trust Anchors Martin Pels (Oct 11)
- Re: constraining RPKI Trust Anchors Delong.com via NANOG (Oct 11)
- Re: constraining RPKI Trust Anchors Job Snijders via NANOG (Oct 11)
- Re: constraining RPKI Trust Anchors Randy Bush (Oct 11)
  - Re: constraining RPKI Trust Anchors Joelja Bogus (Oct 12)