On Tue, Nov 19, 2024 at 10:59 AM Tom Beecher <beecher@beecher.cc> wrote:
What is, in your opinion, the perfect scenario by which the functions of the RIRs today could be structured? The 'if I could greenfield this today' idea?
Hi Tom, They'd look more or less like they do today. Rough spots aside, four of the five are working pretty well. Most of the changes I would make to the RIRs are small ones. For example, there are instances of product tying at ARIN which I think should be eliminated. The contract for RPKI service is tied to having a contract for address registration service. This is unnecessary and in my view, counterproductive. A consumer of ARIN RPKI service must be able to demonstrate lawful possession of the associated address block, but that shouldn't require holding an ARIN contract for registration of the same address block. There are larger changes I would consider, but nothing I would definitely do. Sometimes the right thing to do and the legally safe thing to do are not the same. The ARIN RPKI TAL should be available on an as-is basis. It's not. ARIN stopped demanding a signed contract, but they still assert that you're bound to a non-trivial contract as a consequence of using it. Counsel tells us offering it as-is creates a legal risk for the entire organization. Which impacts the registration services. The right answer might be forking off a separate corporate entity to implement RPKI so that they can do the right thing while only creating legal risk in their specific environment. For another example, there's a tension between the exigencies of operating a modern registry and the obligations to so-called legacy registrants taken on at the dawn of the commercial Internet. One possible relief would be to fork off a legacy registry and let it operate its own governance applicable only to those legacy registrations. Such a registry would inherently overlap the geography of the others. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/