Sounds reasonable to me but IANAL, nor an RIR, nor an IXP. IXPs however do seem to be the sites of some number of recent mis-originations (putting it as charitably as possible). Let's try and make it harder for bad actors to do their mischief. Thanks, Tony On Tue, Sep 25, 2018 at 3:36 PM Job Snijders <job@ntt.net> wrote:
On Tue, Sep 25, 2018 at 03:07:54PM -0400, John Curran wrote:
On Sep 25, 2018, at 1:30 PM, Job Snijders <job@ntt.net> wrote:
"""Using the data, we can also see that the providers that have not downloaded the ARIN TAL. Either because they were not aware that they needed to, or could not agree to the agreement they have with it.
Is it possible to ascertain how many of those who have not downloaded the ARIN TAL are also publishing ROA’s via RIPE’s CA?
I'm sure we could extend the data set to figure this out. But given the assymmetric relation between applying Origin Validation based on RPKI data and publishing ROAs, the number will be between 0% and 100% and over time may go up or down. So, out of curiosity, what is your underlaying question?
(An example: a route server operator generally doesn't originate any BGP announcements themselves, but route servers are in an ideal position to perform RPKI based BGP Origin Validation.)
What I'm hoping for is that there is a way for the ARIN TAL to be included in software distributions, without compromising ARIN's legal position.
Perhaps an exception for software distributors would already go a long way?
"You can include the ARIN TAL in your software distribution as long as you also include an unmodified copy of the https://www.arin.net/resources/rpki/rpa.pdf file alongside it."
Kind regards,
Job