Dear Martin,

On Wed, Oct 11, 2023 at 10:01:53AM +0200, Martin Pels wrote:
> I think this is important work.

Thanks!

> As you indicated in your mail you have spent quite some time compiling
> the constraints files in the appendix. Keeping them up to date
> requires tracking allocations and policy developments in all RIRs. It
> reminds me of bogon filters for unallocated IP space, and the
> associated problems of networks not updating them [0].

Yes, indeed there is a burden associated with this risk mitigation
approach. I deem tracking of ratified policies in all RIRs feasible, but
yeah... it'll definitely be a recurring quarterly todo item.

The current approach in developing these default constraint listings is
to focus on coarse-grained filters, and not bother to document
unallocated space because the resulting churn would be hard to manage &
distribute.

> So while each RP should be able to make policy decisions based on its
> own local criteria, managing a default set of constraints is something
> that is best done centralized. Who do you envision should manage these
> lists? RP software maintainers? RIRs? Others?

I guess initially it'll be the RP developers (like me), because who else
is chartered to produce such listings at this moment? I do intend to
keep [1] updated. Would you like to help? :-)

I envision the default constraints can be distributed via packages like
rpki-trust-anchors [2] and integral in operating systems like OpenBSD in
order to reduce the burden on operators.

A potential follow-up exercise here could be to propose to increase the
level of detail in IANA's IPv4 Address Space Registry [0] by - for
example - documenting the longer-than-/8 blocks each RIR transferred to
AFRINIC when AFRINIC was instantiated.

Kind regards,

Job

[0]: https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xhtml
[1]: https://www.ietf.org/archive/id/draft-snijders-constraining-rpki-trust-anchors-00.html
[2]: https://packages.debian.org/stable/rpki-trust-anchors