In private... > Can you articulate something ARIN could do which would improve the basic fact > that configuring and maintaining cryptographic validation systems is > technically challenging?
Private shame on Cisco to do something better than a half-baked implementation that breaks things ? If ARIN wants RPKI deployed, ARIN needs to understand that RPKI does not have much of a business case that executives can see, and that if it breaks even slightly security it's going to end nowhere. What do you say to orgs who give a lot of money to SpamHaus and other pricey feeds and suddenly see them ineffective because of a cheezy RPKI implementation? They won't touch it again for years and tell everyone to stay away from it. Michel -----Original Message----- From: William Herrin <b...@herrin.us> Sent: Tuesday, June 6, 2023 1:58 PM To: Michel Py <mic...@arneill-py.sacramento.ca.us> Cc: PPML <arin-ppml@arin.net> Subject: Re: [arin-ppml] implementing RPKI prefix validation actually increases risk On Tue, Jun 6, 2023 at 10:38 AM Michel Py <mic...@arneill-py.sacramento.ca.us> wrote: > the point I was trying to make was about why protocols are not being > adopted. I have some concern that RPKI may eventually die from a > thousand cuts; none of the issues are fatal, but the accumulation of > them sure is annoying. Hi Michel, Unless ARIN did something or failed to do something which contributed to the problem you described, it's not obvious that such information is useful here. Can you articulate something ARIN could do which would improve the basic fact that configuring and maintaining cryptographic validation systems is technically challenging? There are certainly things ARIN could do to improve RPKI uptake, but I'm not aware of any that are responsive to the specific concern you raised. Regards, Bill Herrin -- William Herrin b...@herrin.us https://bill.herrin.us/ _______________________________________________ ARIN-PPML You are receiving this message because you are subscribed to the ARIN Public Policy Mailing List (ARIN-PPML@arin.net). Unsubscribe or manage your mailing list subscription at: https://lists.arin.net/mailman/listinfo/arin-ppml Please contact i...@arin.net if you experience any issues.
