On Sat, Jan 8, 2011 at 2:47 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
I don't think rr.arin.net and RPKI have anything to do with each other. I think the direction the RPKI should/is taking is to have the
I at least think that whatever future and time-table is planned for RPKI, this should not stand in the way of ARIN offering an effective authentication mechanism for the ARIN IRR. FYI, the reply I received from ARIN was that there are no plans to improve its authentication capability. I didn't ask why and don't really care why it has never had anything more than MAIL-FROM in the past. Either it should be improved (IMO) or it shouldn't be. I really do wonder what ARIN's plan is if a bad guy decides to forge emails and delete or modify some or all of the objects. Would they just shut it down, improve authentication, or keep doing business as usual? I am always surprised that black hat folks do not do things like this when faced with a damaging vulnerability that can easily be exploited with no way to trace the activity back to the bad guy. -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts