Hi All, There is this blogpost from the FIRST netsec-sig group, about this topic, available at https://www.first.org/blog/20231222-Is-the-LoA-DoA-for-Routing I totally agree with Christopher. The above blogpost ends with (for those who don't like to follow links): "With the current level of RPKI adoption, now is time to adopt it as the best current practice, to discontinue the usage of LOAs for authorization of routing, and to instead rely on ROV, ROAs, and the cryptographic trust we all can obtain from them!" Best Regards, Carlos On Tue, 27 Feb 2024, Christopher Hawker wrote:
Hi Seth,
LOAs can't be considered more trustworthy than IRR objects. The RIRs operate IRRdb services as part of the services they offer which network operators should be using instead of the free and paid non-authoritative IRRdb operators.
If you don?t mind, could you please reach out to me off-list with who the VPS hosting provider is that is only accepting LOAs? I?d like to reach out to them to discuss their decision.
I?m doing a talk at APRICOT 2024 on using ROAs to replace LOAs. In my view there's no reason why network operators cannot use ROAs instead to validate the routes received from their peers, be they upstream or downstream.
Regards, Christopher Hawker
Sent from my iPhone
On 27 Feb 2024, at 1:57?am, Seth Mattinen via NANOG <nanog@nanog.org> wrote:
Why do companies still insist on, or deploy new systems that rely on paper LOA for IP and ASN resources? How can this be considered more trustworthy than RIR based IRR records?
And I'm not even talking about old companies, I have a situation right now where a VPS provider I'm using will no longer use IRR and only accepts new paper LOAs. In the year 2024. I don't understand how anyone can go backwards like that.
~Seth