On Thu, 09 Oct 2014 22:58:05 +0200 Christian Seitz <chris@in-berlin.de> wrote:
> What I do not like about this UTRS idea is that I cannot announce a prefix via BGP. Somebody has to inject it for me. I would like to announce it in real time and not with delay because of manual approval.

While true today, it might not be true for long. It requires code to be written in order to perform the desired verification we want before blindly passing along an announcement. Code we're not motivated to write if there is insufficient interest in UTRS. Interest is looking good, so the code may soon follow. In other words, this is a valid complaint, but it may have a limited life span.

> One problem that I also see here is that this single entity could be forced by someone (e.g. government) to blackhole some prefix. If this ever happens such a project will have to be terminated.

I've heard this once before too. I admit we probably can't provide a satisfactory answer to some who will be so distrustful of government or influence peddling to win them over, but I'll try to offer a response that I hope is fairly reasonable and satisfies the majority, and presumably any of the actual participants.

There are legal questions, maneuvers and responses that might be interesting to speculate on, but I'll say simply this. Team Cymru, while established and operated within the U.S., is a global organization with team members outside of the U.S. and we rely heavily on the cooperation of global partners to do what we do. If we could be compelled to announce a black hole by someone, government or otherwise, the cooperation and inherent trust we might have with the Internet community is probably gone and we are likely finished as an organization. It would be counter to our very existence and so on that basis I hope most would agree is extremely unlikely to occur.

Now if someone came up to me with a gun to my head and said type the equivalent of "ip route foonet mask 192.0.2.1" or die, I might just type it out of self-preservation.

> We also had some DDoS attacks via IPv6. I think it's important to also have such a service for IPv6. Starting with IPv4 is ok and better than nothing, but IPv6 should not be on the roadmap for 2018 ;-)

You are only the second person I've heard from to explicitly state as such. This is actually not terribly hard to do and I'm pretty certain could be done way before 2018. Simple to start, careful and necessary improvements as we go.

Thanks for your comments Chris,

John