nanog mailing list archives

RE: ARIN RPKI TAL deployment issues


From: Michel Py <michel.py () tsisemi com>
Date: Wed, 26 Sep 2018 01:20:43 +0000

Jared,

Jared Mauch wrote :
Saying “nobody validates their prefixes” is patently false.  You may not.  I may not, but there are a number of 
networks that are and have advertised that they are.

I did validate mine, but in the ARIN region I'm part of the only 2% that did, that's close enough to "nobody" for me, 
in context compared to RIPE numbers.

Michel, It would be a shame if you created a ROA and it could not be validated in some non-English speaking corner of 
the world that put your assets at risk due to this posture.  The community needs secure by default for all regions and 
the barriers for ARIN IP space are a real and measured problem.  It’s time to end this disparity as right now not all 
TALs are equal.  They should be.

I agree, but it's not that simple.
The main issue I currently see with RPKI / ROA is not the ARIN TAL (although I am directly affected) but the fact that 
nobody or almost nobody actually enforces RPKI. Most operators who are validating RPKI prefixes keep carrying them even 
when they are invalid, which makes the entire thing completely useless.
And yes I know, it's not that simple ;-)

And it may be shameless self-plugin, but I think we need to encourage experiments that actually try to enforce RPKI.

Michel.
