> We need at least these things to exist: > o an accurate mapping of resource (netblock/asn) to > authorized-entity (RIR/NIR/LIR/Customer/...) > o a system to manage this data for our routing equipment
see all the sidr documents in last call to go from i-ds to rfcs. oh, you co-chair sidr :) > o protocol enhancements that can be used to help propagate the > mapping information or at the least help a router programmaticly > understand if a resource is being used by the authorized entity see draft-ietf-sidr-rpki-rtr-07 > o routing software that can digest the enhanced data in test. rumors of going normal release from at least one vendor in q2 > o routing hardware that won't crumple under the weight of (what > seems like) heavier weight routing protocol requirements actually, the formal rpki-based origin-validation stuff is measured to take *less* cpu, a lot less, than ACLs > There is, of course, some risk with this model and we should take the > time to accept/discuss that as well. some guidance toward ameliorating the risks are in <draft-ietf-sidr-rpki-origin-ops-00.txt>. input from ops into all this stuff would be most welcome. randy
