On Thu, Sep 15, 2022 at 7:32 PM Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Sep 16, 2022 at 9:46 AM William Herrin <bill@herrin.us> wrote:
On Thu, Sep 15, 2022 at 4:07 PM Randy Bush <randy@psg.com> wrote:
You could try suggesting IANA/PTI/ICANN to have a different RPKI trust anchor and provide such services to legacy block holders.
the rpki design cabal assumed the iana would be the rpki root. rir power players blocked that. so each rir is 0/0. brilliant, eh?
Which means that all you'd need is a volunteer group with "street cred" to set up an RPKI for legacy holders and then convince folks to use their trust anchor too. Or have I missed something?
Merit, perhaps ?
But they would need to do a much stricter validation than they currently have in RADB, which is more like Sledgehammer motto "Trust me, I know what I'm doing".
Hi Rubens,

Last I checked, Merit was -really- expensive for RADB. I don't really see getting more than about 5 figures total per year out of the legacy registrants for RPKI, if that much. I think it'd have to be a volunteer effort or something funded by someone who finds it to their advantage that the legacy registrants publish RPKI records. Like the way Let's Encrypt is funded.

Regards,
Bill Herrin

--
For hire. https://bill.herrin.us/resume/