We need at least these things to exist: o an accurate mapping of resource (netblock/asn) to authorized-entity (RIR/NIR/LIR/Customer/...) o a system to manage this data for our routing equipment
see all the sidr documents in last call to go from i-ds to rfcs. oh, you co-chair sidr :)
o protocol enhancements that can be used to help propagate the mapping information or at the least help a router programmaticly understand if a resource is being used by the authorized entity
see draft-ietf-sidr-rpki-rtr-07
o routing software that can digest the enhanced data
in test. rumors of going normal release from at least one vendor in q2
o routing hardware that won't crumple under the weight of (what seems like) heavier weight routing protocol requirements
actually, the formal rpki-based origin-validation stuff is measured to take *less* cpu, a lot less, than ACLs
There is, of course, some risk with this model and we should take the time to accept/discuss that as well.
some guidance toward ameliorating the risks are in <draft-ietf-sidr-rpki-origin-ops-00.txt>. input from ops into all this stuff would be most welcome. randy