Date: Sat, 08 Jan 2011 15:47:51 +0900 From: Randy Bush <randy@psg.com> ... more recent rumors, and john's posting here, seem to indicate that ...
even to the extent that i know what's really happened or happening, i'd be loathe to comment on rumours. i have high confidence in arin's board and staff, and i believe that the right things are happening, even with the delays. "right things" as in what's best for the community and for the internet industry in the arin service region. as a strong proponent of rpki and of all things like rpki that will strengthen infrastructure, i remain delay-tolerant if review is the cost of getting it right.
first, it would really help if the arin bot and management were much more open about these issues and decisions. at the detailed level. we are all not fools out here, present company excepted :). for a radical example, considering that arin is managing a public resource for the community, why are bot meetings not streamed a la cspan?
can you cite some examples of nonprofit companies whose boards operate at the level of transparency you're asking me to consider in this example? the process of rolling out something like rpki involves some checks and balances, it's no longer just a simple matter of the technical people "doing the right thing" even though i remember older times when that was the way most things on the internet worked.
i do not see how you are going to get rid of the liability. you have it now in whois/irr if i use it for routing (except they are so widely known to be bad data that the world knows i would be a fool to bet on them). whether the source of a roa is a user whacking on an arin web page or by other means, you still attested to the rights to that address space.
my own belief here (not speaking for ARIN or for the ARIN BoT) is that the folks who use IRR/whois data to build route filters have a confidence level much lower than those who will use RPKI to do the same will have. i know that if i still had "enable" on anything other than my home router, that's how i'd feel. also, liability isn't just "got rid of" it's also documented and risk-managed, and doing that may require some kind of internal review.
but all this is based on inference and rumor. can you please be more open and direct about this? thanks.
i don't know. john (speaking for ARIN) gave an excellent and complete answer that i completely agree with. you're repeating some rumours which i won't comment on one way or the other. if you have specific questions which were not answered by john's response or which were raised by john's response you should ask them. saying "i heard a rumour, would anyone care to refute it?" is not going to move the conversational line of scrimmage at all. paul