APNIC continues to have a final /8 policy and can allocate or assign
up to a /23 to new entrants from its holdings. APNIC reclaims unused
IP addresses.
https://www.apnic.net/manage-ip/ipv4-exhaustion/
On Wed, Feb 17, 2021 at 9:15 AM Jennifer Sims wrote:
>
> Pretty sure APNIC is out of addresses
On Wed, Feb 17, 2021 at 9:21 AM Christopher Morrow
wrote:
>
> On Tue, Feb 16, 2021 at 6:06 PM Michael Thomas wrote:
> >
> >
> > Basically are there places that you can't get allocations? If so, what
> > is happening?
>
> isn't the answer to this:
> "All except AFRNic announced their pools were
The LOA type model is one of the ones we showed on slideware when we
presented RTA in IETF, and at the CloudFlare RPKI workshop years ago.
The detached signature model inherent in RTA and RSC goes to "you
define the business logic" It's not proscriptive. I saw nothing
proposed here which I thought
Google honour https://tools.ietf.org/html/rfc8805 Which they also authored.
A bunch of people are proposing a geofeed: RPSL marker to catalog how
to find the feed.
-G
On Thu, Mar 11, 2021 at 7:38 PM William Guo wrote:
>
> Google has its internal GeoIP team.
>
> But the data quality is not so go
The two proposals for RPKI signed attestatations, RSC and RTA, look
candidates for a role this. The primary question is not "who are you"
which OAuth is about, it is "what resources do you control, which
would inform what we're doing here" -which is what RPKI is about.
it's important to be clear,
When an RIR asserts geo in Whois, it's derived from the organisational
data, but usually/often then self asserted. It was asserted by the
delegate, during registration.
When an RIR asserts geo in organisational data, it's self-asserted
through a filter of things like Dunn & Bradstreet and company
the 5tuple includes protocol so increased adoption of QUIC alongside
TCP bound services effectively does increase the potential size of the
NAT binding table but if we're really a single-browser model and all
going to QUIC enabled webs, the effective outcome is to burn the port
space in UDP, not in
I don't see SKEY style OTP lists as inherently bad. "its how you do
it" which concerns me, not that it is done.
-G
On Tue, Mar 24, 2020 at 9:33 AM Christopher Morrow
wrote:
>
> On Mon, Mar 23, 2020 at 7:00 PM Michael Thomas wrote:
> >
> > On 3/23/20 3:53 PM, Sabri Berisha wrote:
> >
> > Hi,
> >
AS0 RPKI system deployed in production (Prop132)
The AS0 RPKI system previously in test has now been deployed to production.
This completes implementa
On Wed, Oct 27, 2021 at 6:31 AM Shawn wrote:
>
> Curious if any IRR databases are mirroring/importing ROA data - creating
> route|6 objects from ROA?
>
> LACNIC requires a route object to be created when creating a ROA.
> APNIC you create a route object, then may generate a ROA during that
> proc
Wouldn't it be cool if we had a cryptographic mechanism to sign an
authority to the IRR publisher to eject old data.
Some way you could prove you have control of the asset, and the let the
RADB people know you repudiated some old data, made under somebody else's
authority which you can't remove d
mmand because I
control the assets"
G
On Sat, 13 Nov 2021, 11:18 am Rubens Kuhl, wrote:
>
>
> On Fri, Nov 12, 2021 at 9:56 PM George Michaelson
> wrote:
>
>> Wouldn't it be cool if we had a cryptographic mechanism to sign an
>> authority to the IRR publisher t
I would normally not contribute to this, but I think having been a
passive participant of the IPng mail lists through the 80s-90s I like
the quality of reflecting "did we get what we wanted". I'm not writing
here as an RIR employee (which I am) but as somebody who was along for
the ride. We didn't
A long time ago, in another country, JANET had a mail list to discuss
email, in a world before DNS. And, when DNS emerged, JANET mail list
made a *deliberate* decision to make the domain order of UK email
domains the reverse of every other country worldwide. A DELIBERATE
decision. (I was there, on
On Thu, Oct 3, 2019 at 11:39 AM Doug Barton wrote:
>
> Yes, IPv6 suffers from Second System Syndrome. No this is not news,
> neither is it malleable (no matter how much whinging about roads not
> taken occurs).
Which is why I said:
> On 10/2/19 6:30 PM, George Michaelson wrote:
On Thu, Oct 3, 2019 at 12:12 PM Masataka Ohta
wrote:
>
> George Michaelson wrote:
> > Or, why we even have SRC in the header: it does not
> > inform routing.
>
> Primarily for ICMP.
Could look inside beyond first header state to see DST as payload.
optimisation for I
A fair comment would be "you massively mis-remember" and in both
JANET-Email and IPv6 terms, I would not disagree. We're talking about
things done, decisions made 35 or more years ago, to 25 years ago and
my brain has had many fine beers since then.
But the intent remains the same: we made choices
I own domains backed by gsuite/postini and they are awesomely spam
free, and good. What I say here shouldn't be taken as saying I don't
want that goodness.
I also work in domains which routinely get mis-tagged as spammy by
google, and that can include replying to google staffers. This isn't
good.
I don't want to over-state it, but 'number of prefices' slways feels
to me like a potential mis-measure. Not that you don't want to know
it, but % of announced space for a given origin-as feels like it might
be closer to the story, because there can be so many different ways to
announce it as dis-
There are two parts of the problem. The first is the assumption of
risk: the current model of operation in the US (like in other western
economies) puts the onus of risk of misuse of the card on specific
actors. When you change the basis from signature (fraud) to chip+pin
(leak of knowledge) you ha
Don't bother: It was removed 24+ h ago after we got alerted
George
On Tue, Mar 7, 2017 at 2:10 PM, Mark Andrews wrote:
>
> In message <6bcda810-52cd-4efe-9a69-4b1aabc90...@burn.net>, Brandon Applegate
> writes:
>> Just did a whois on the documentation prefix and was surprised to see
>> what loo
if I was an ISP (Im not) and a CDN came and said "we want to be inside
you" (ewww) why wouldn't I say "sure: lets jumbo"
not even "asking for a friend" I genuinely don't understand why a CDN
who colocates and is not using public exchange, but is inside your
transit boundary (which I am told is act
1500 14XX 1500
> embedded CDN <--> B4 <— > 6RD <— > client
> 1500. 14XX 1500
>
> Now you can increase the first 1500 easily. The rest of the path not so
> easily.
>
>> On 19 Jan 2018, at 9:53 am, George Mi
Updating RPKI trust anchor configuration
---
APNIC has completed the process of transitioning from its previous Resource
Public Key Infrastructure (RPKI) trust anchor arrangement to a new single trust
anchor configuration. Each RIR will publis
On 06/12/2010, at 8:25 AM, Felipe Zanchet Grazziotin wrote:
> Hi John,
>
> On Sun, Dec 5, 2010 at 8:13 PM, John Levine wrote:
>
>> I've been pondering IPv6 setups, and I don't understand how IPv6 rDNS
>> is supposed to work. It's clear enough how you look up any particular
>> address, but it'
procmail is a rewrite of MMDF mailfilter. badly.
On Thu, Apr 10, 2014 at 8:42 AM, Christopher Morrow wrote:
> On Wed, Apr 9, 2014 at 6:27 PM, John R. Levine wrote:
> >>> The most "sane" out-of-mind response should only be sent *if* the
> >>> out-of-mind person is named explicitly as a recipien
you don't know the values passed by protocol, only the values
exposed in header.
(this may have changed. I don't use it any more)
On Thu, Apr 10, 2014 at 11:58 AM, John R. Levine wrote:
> On 4/9/2014 5:45 PM, George Michaelson wrote:
>>
>>> procmail is a rewri
It got a pretty firefight discussion at the NZNOG. None of the ISPs feel
comfortable with it, but in avoiding a shoot-the-messenger syndrome they
tried to give good feedback to the reps from GCSB who came to talk.
Basically, a lot of post-act variations are expected to clarify what
changes do and d
like a bit of an overreach?
>
> - - ferg
>
>
> [1]
>
> https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
> [2] https://en.wikipedia.org/wiki/National_security_letter
>
>
> On 5/13/2014 6:40 AM, George Michaelson wrote:
>
> > It got a
no. you misunderstand.
The value proposition is not spam: that works with unallocated space.
The value proposition is gaming google page rank, by using widely spread and
legitimately routed IPs to force your paying customers page rank high, by hits
and references. This is a very high value bus
On 09/03/2012, at 1:03 PM, Jon Lewis wrote:
> On Fri, 9 Mar 2012, George Michaelson wrote:
>
>> The value proposition is gaming google page rank, by using widely spread and
>> legitimately routed IPs to force your paying customers page rank high, by
>> hits and referen
questions please contact me.
George Michaelson (g...@apnic.net)
Please add the following to your trust anchor set:
rsync://rpki.apnic.net/repository/apnic-rpki-root-afrinic-origin.cer
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMLL96YV9p
On 16/10/2012, at 4:15 AM, Randy Bush wrote:
>> APNIC will be switching to a new RPKI 'split' trust anchor system on
>> the 25th of October. This change is needed to align APNIC administered
>> resources with their allocation hierarchy. These resources will also
>> be certified under each respon
On 16/10/2012, at 11:09 AM, David Conrad wrote:
> George,
>
> On Oct 15, 2012, at 8:44 PM, George Michaelson wrote:
>> Once there is a global trust anchor, you can validate the 5 APNIC operating
>> CA under a single root, single TAL. Until then, an APNIC TAL is necessary
for two asynchronous, otherwise unconnected systems, using TCP/IP there is
a state transition sequence which can be shown to work if you stick to it.
There are also (I believe) corner cases when you send unexpected sequences,
and some of them have known behaviours
in that sense, the question: "doe
CRISP is dead. RDAP is real. If people need to script, then RDAP is
workable JSON and for once, has converged on sensible stuff in both names
and numbers.
the whois "problem" is a formalism owned by ICANN, but as DRC pointed out
the WHOIS solution is dispersed.
RPSL lies to one side btw. I wish
http://rdap.apnic.net/
redirects to a web page documenting service
http://rdap.apnic.net/ip shows a json error response
http://rdap.apnic.net/ip/203.119.0.0/24
shows the /24 record for 203.119.0.0/24
-G
On Thu, Jan 8, 2015 at 1:59 PM, shawn wilson wrote:
> On Wed, Jan 7, 2015 at 10:22 PM,
X.400 required a session key. IIRC you had to know the other side of the
mail exchange and do (weak, but of the time what we did) shared secret
swaps to bootstrap the protocol.
Of course, a cheat-sheet of 'your idea will not work because [ ]' kills it,
but I do recall with some fondness that in th
Hey!
New message, please read <http://tweakinghealth.com/making.php?av>
George Michaelson
On Wed, Jun 10, 2015 at 2:06 PM, Lorenzo Colitti
wrote:
> On Wed, Jun 10, 2015 at 8:30 PM, Karl Auer wrote:
>
> > Seems to me that N will vary depending on what you are trying to do.
>
>
> Remember, what I'm trying to do is avoid user-visible regressions while
> getting rid of NAT. Today in IPv4
Dec gave you the source on Microfiche. If you want to change LAT just read,
and find your Bliss32 compiler.
On Mon, Jun 29, 2015 at 9:04 PM, Scott Whyte wrote:
>
>
> On 6/29/15 20:17, Johnny Eriksson wrote:
>
>> Javier Henderson wrote:
>>
>> Or XNS. On the other hand, people did have a nice c
I agree. I think its over stated. But I do think there was a more direct
customer-disadvantage outcome, albiet increadibly brief. I think a bunch of
people like me have now got a better sense our always-on backend is
'brittle' even if very very strong, most of the time.
http://www.google.com/appss
we're already outside our operating envelope, if these community
expectation figures are believable. a wise man once said to me that when
setting formal conformance targets its a good idea to only set ones you can
honestly achieve, otherwise you're setting yourself up to be measured to
fail. I don'
you removed a clause in that sentence randy:
"we're already outside our operating envelope, if these community
expectation figures are believable"
there is a point to that clause. its the same as your answer in some
respects.
On Fri, Sep 13, 2013 at 8:39 AM, Randy Bush wrote:
> > we're alread
I am probably closer to consumer behaviour at home than most of you. I
don't regard my home router as a vehicle for hackery beyond clue I can find
on the end user public lists and rarely if ever even apply that, and I run
stock factory billion code on my billion ADSL2+ home gateway.
I just enabled
I have been looking at acl management s/w in the freecode space and I can find
lots of tools which manage/distribute and test ACLs in routers.
I'm wondering if anyone has written a parser which can construct rule-trees and
get rid of the cruft, unusable, order-misorder and other issues in a larg
On 19/08/2010, at 1:00 PM, Randy Bush wrote:
>> something which can take a couple of hundred basic and extended ACLs and
>> tell you
>> these don't work
>> these conflict
>> the remaining have a sequence and can reduce to this basic set
>
> maybe you could go the other direction. as oppose
On 19/08/2010, at 1:38 PM, Randy Bush wrote:
> one more comment. be careful aggregating filters. the peer may
> actually announce all those damed frags, especially in massively
> de-aggregated places such as india, indonesia, ...
>
> randy
I should have been clearer that I really only want t
I realize that this is quite long, so if you've gotten this far,
congratulations! I hope it was useful.
Doug
Well said Doug.
-G
On 13/10/2009, at 12:54 PM, Doug Barton wrote:
On Oct 12, 2009, at 7:34 PM, Justin Shore
wrote:
I'm actually taking an IPv6 class right now and the topic of
customer assignments came up today (day 1). The instructor was
suggesting dynamically allocating /127s to residential customers.
Avoid broken/slow servers:
"afrinic" =>
"ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest";,
"apnic" =>
"ftp://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest";,
"lacnic"=>
"ftp://ftp.lacnic.net/pub/
Call for data: IPv6 enabled service logfile analysis
APNIC is seeking operators of high-traffic webhosts, and other public
facing services who can provide logfiles for their IPv6 enabled
instances. Our intention is to analyse these for the distribution of
IPv4, and the various sub-classes o
Hi. it's been handled, so sorry for a bit of delay, which is due to the
APNIC/Apricot meeting going on in KL.
This problem was caused by missing WHOIS "domain" objects.
APNIC staff are helping Matthew to resolve the problem.
-George
On 05/03/2010, at 6:37 AM, Matthew Petach wrote:
> Would any
As part of the ongoing measurement of traffic in 1.0.0.0/8 three /24s from the
range are shortly going to be announced by AARNet, via AS7575:
1.0.0.0/24
1.1.1.0/24
1.2.3.0/24
This will be happening over the next week or so.
cheers
-George
54 matches
Mail list logo
