On 2014-10-23 15:02, Sandra Murphy wrote:
IRR usage, training, tools, and better hygiene, perhaps expressly
validated from resource certification from either RPKI
You might be interested in the draft-ietf-sidr-rpsl-sig-05.txt, which
suggests using RPKI to protect RPSL objects.
Yep, I'm aware of that and think that's a really useful thing if RPKI
is the resource certification infrastructure we must use.
That would help solve the trust problem in the current IRR world,
which is that most IRRs can't tell if the object being registered is
authorized. RIPE and, I think, APNIC being the exception, for their
region resources. Lots of proxy registered objects aren't a good
sign.
Agreed!
That said, if people are still having issues with IRRs and lack of
training, toolsets, and usability around them today and after deploying
RPKI they still need IRRs (and whois, and in-addr.arpa, and..) for a
whole bunch of stuff just to keep the packets flowing then the height
limit to do basic and useful things just became that much higher, and
requires a lot more care and feeding then before RPKI (even absent all
the architectural aspects of RPKI that are "interesting").
-danny
