[rssac-caucus] FOR REVIEW: Elements of Potential Root Operators
Brian Dickson
brian.peter.dickson at gmail.com
Thu Sep 8 04:39:49 UTC 2016
Sent from my iPhone
> On Sep 7, 2016, at 8:54 PM, Terry Manderson <terry at terrym.net> wrote:
>
> Hi Brian,
>
>> On 8 Sep 2016, at 12:08 PM, Brian Dickson <brian.peter.dickson at gmail.com> wrote:
>>
>>
>> TL;DR: I disagree that recommending registration in RPKI is harmful, even if it is not necessarily widespread or mature.
>
> Please re-read my email. I'm not saying it is harmful. I'm saying it is premature to place it in the "SHOULD" category without further and thorough analysis.
>
Aaaah. I understand now.
Sorry if my reply seemed at all condescending...
> Such as an RIR and their RPKI database and the RPKI repository state? which might then allow an entity to assert a competing ROA that then allows any number of vectors?
>
> I'm certainly not being all inclusive, my point is that this is not yet well understood in the context of the root server system.
>
Yes. My analysis presumed the RIRs/RPKIs were trusted/trustworthy.
Since the 5 RIRs have their address space and corresponding RPKI roots "delegated" by ARIN/ICANN, what about a hypothetical situation where the root server operators were their own RIRs and RPKIs?
>
> By its very nature, using RPKI places a significant level of responsibility for the routing/RPKI state of root operators into at most 5 third parties. I'm not saying that is good or bad either way, but I think we need to be honest and critical of that new relationship. What is the agreement structure? What are the remediation and compliance states. Are there grounding service commitments in place?
>>
>> Is the above analysis sufficient to sway your opinion?
>
> No. Because, and despite your talent, I think this needs a more thorough review before I would see that paragraph pass
And... I concur. ;-)
> Cheers
> Terry
Brian
More information about the rssac-caucus
mailing list