nanog mailing list archives
RE: ARIN RPKI TAL deployment issues
From: Michel Py <michel.py () tsisemi com>
Date: Wed, 26 Sep 2018 01:20:43 +0000
Jared,
Jared Mauch wrote:
> Saying “nobody validates their prefixes” is patently false. You may not. I may not, but there are a number of networks that are and have advertised that they are.
I did validate mine, but in the ARIN region I'm part of the only 2% that did, that's close enough to "nobody" for me, in context compared to RIPE numbers.
> Michel,
> It would be a shame if you created a ROA and it could not be validated in some non-English speaking corner of the world that put your assets at risk due to this posture. The community needs secure by default for all regions and the barriers for ARIN IP space are a real and measured problem. It’s time to end this disparity as right now not all TALs are equal. They should be.
I agree, but it's not that simple. The main issue I currently see with RPKI / ROA is not the ARIN TAL (although I am directly affected) but the fact that nobody or almost nobody actually enforces RPKI. Most operators who are validating RPKI prefixes keep carrying them even when they are invalid, which makes the entire thing completely useless.

And yes I know, it's not that simple ;-) And it may be shameless self-plugin, but I think we need to encourage experiments that actually try to enforce RPKI.

Michel.