On Fri, Sep 16, 2022 at 10:41 AM William Herrin <b...@herrin.us> wrote: > > On Thu, Sep 15, 2022 at 7:32 PM Rubens Kuhl <rube...@gmail.com> wrote: > > On Fri, Sep 16, 2022 at 9:46 AM William Herrin <b...@herrin.us> wrote: > > > On Thu, Sep 15, 2022 at 4:07 PM Randy Bush <ra...@psg.com> wrote: > > > > > You could try suggesting IANA/PTI/ICANN to have a different RPKI trust > > > > > anchor and provide such services to legacy block holders. > > > > > > > > the rpki design cabal assumed the iana would be the rpki root. rir > > > > power players blocked that. so each rir is 0/0. brilliant, eh? > > > > > > Which means that all you'd need is a volunteer group with "street > > > cred" to set up an RPKI for legacy holders and then convince folks to > > > use their trust anchor too. Or have I missed something? > > > > Merit, perhaps ? > > > > But they would need to do a much stricter validation that they > > currently have in RADB, which is more like Sledgehammer motto "Trust > > me, I know what I'm doing". > > Hi Rubens, > > Last I checked, Merit was -really- expensive for RADB. I don't really > see getting more than about 5 figures total per year out of the legacy > registrants for RPKI, if that much. I think it'd have to be a > volunteer effort or something funded by someone who finds it to their > advantage that the legacy registrants publish RPKI records. Like the > way Letsencrypt is funded.
Legacy holders are sitting on millions or billions worth of assets. RADB USD 595 a year is pennies in comparison, and USD 1k or 2k a year for the RPKI service would still be 1E-10 of the asset value. Rubens
