I remember having this discussion more than 20 years ago, minus the ARIN bit, couldn't get everyone to agree to it then either :(. We don't need more rules, we just need to start with basic hygiene. Was a novel idea :)

On Mon., Apr. 20, 2020, 2:41 p.m. Christopher Morrow, <morrowc.li...@gmail.com> wrote:

> On Mon, Apr 20, 2020 at 12:25 PM Tom Beecher <beec...@beecher.cc> wrote:
> >
> > Technical people need to make the business case to management for RPKI by laying out what it would cost to implement (equipment, resources, ongoing opex), and what the savings are to the company from protecting themselves against hijacks. By taking this step, I believe RPKI will become viewed by non-technical decision makers as a 'Cloudflare initiative' instead of a 'good of the internet' initiative, especially by some companies who compete with Cloudflare in the CDN space.
>
> you say here: "RPKI"
> but the cloudflare thing is a little bit more nuanced than that, right?
> "RPKI" is really: "Did you sign ROA for your IP Number Resources?"
> what you do with the RPKI data is the 'more nuanced' part of the webpage.
> 1) Do you just sign?
> 2) do you sign and also do Origin Validation (OV) for your peers?
> 3) do you just do OV and not sign your own IP Number Resources?
>
> I think CloudFlare (and other folk doing bgp security work) would like
> 'everyone' to:
> 1) sign ROA for their IP number resources
> 2) enable OV on your peerings
> 3) prefix filter all of your peerings
>
> > I believe that will change the calculus and make it a more difficult sell for technical people to get resources approved to make it happen.
>
> I don't think that's the case... but I'm sure we'll be proven wrong :)
>
> -chris
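
The distinction drawn in the quoted message between signing ROAs and doing Origin Validation, as an added example that is not part of the thread: a minimal RFC 6811 style route origin check in Python. The ROA entries use documentation prefixes and reserved ASNs and are constructed; the `accept` policy (drop only "invalid" when OV is on) is an assumption for illustration.

```python
import ipaddress
from typing import NamedTuple

class ROA(NamedTuple):
    prefix: str      # prefix the resource holder signed
    max_length: int  # longest announcement the ROA authorises
    asn: int         # authorised origin AS

# Constructed sample data: documentation prefixes, documentation ASNs.
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/24", 25, 64497),
    ROA("2001:db8::/32", 48, 64498),
]

def validate(prefix: str, origin_asn: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        signed = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route lies inside the signed prefix.
        if route.version != signed.version or not route.subnet_of(signed):
            continue
        covered = True
        # Match needs the right origin and a length within maxLength;
        # an AS0 ROA never matches any route.
        if roa.asn != 0 and roa.asn == origin_asn \
                and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered by a ROA but no match: invalid. No ROA at all: not-found.
    return "invalid" if covered else "not-found"

def accept(prefix: str, origin_asn: int, ov_enabled: bool) -> bool:
    """Assumed import policy: with OV on, drop only 'invalid' routes."""
    if not ov_enabled:
        return True  # signing alone does not change what you accept
    return validate(prefix, origin_asn) != "invalid"

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                     ("198.51.100.128/26", 64497), ("203.0.113.0/24", 64496)]:
        print(pfx, asn, validate(pfx, asn), accept(pfx, asn, ov_enabled=True))
```

A network that only signs still accepts the wrong-origin announcement; a network that only does OV drops it but leaves its own unsigned space in the "not-found" bucket for everyone else.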