Hi All,
There is this blogpost from the FIRST netsec-sig group, about this topic,
available at
https://www.first.org/blog/20231222-Is-the-LoA-DoA-for-Routing
I totally agree with Christopher. The above blogpost ends with (for those
who don't like to follow links):
"With the current level of RPKI adoption, now is time to adopt it as the
best current practice, to discontinue the usage of LOAs for authorization
of routing, and to instead rely on ROV, ROAs, and the cryptographic trust
we all can obtain from them!"
Best Regards,
Carlos
On Tue, 27 Feb 2024, Christopher Hawker wrote:
Hi Seth,
LOAs can't be considered more trustworthy than IRR objects. The RIRs operate
IRRdb services as part of the services they offer which
network operators should be using instead of the free and paid
non-authoritative IRRdb operators.
If you don?t mind, could you please reach out to me off-list with who the VPS
hosting provider is that is only accepting LOAs? I?d like to
reach out to them to discuss their decision.
I?m doing a talk at APRICOT 2024 on using ROAs to replace LOAs. In my view
there's no reason why network operators cannot use ROAs instead
to validate the routes received from their peers, be they upstream or
downstream.
Regards,
Christopher Hawker
Sent from my iPhone
On 27 Feb 2024, at 1:57?am, Seth Mattinen via NANOG <nanog@nanog.org>
wrote:
Why do companies still insist on, or deploy new systems that rely on
paper LOA for IP and ASN resources? How can this be
considered more trustworthy than RIR based IRR records?
And I'm not even talking about old companies, I have a situation right
now where a VPS provider I'm using will no longer use
IRR and only accepts new paper LOAs. In the year 2024. I don't understand
how anyone can go backwards like that.
~Seth
