[ vix, apologies for giving you both barrels. you unintentionally pushed a hot button or two ]
Randy, what is the model you have in mind for running a routing registry infrastructure that is sustainable and trustworthy enough for uses such as RPKI, i.e. who could/should be running it?
<ietf heresy> the pki wg sat with their thumbs up their nether sides for a decade instead of working on a trust topology that mapped something a bit more operationally realistic than x.500. </ietf heresy>
so all we have is a hierarchic trust model. luckily, that matches the topology of the resources we are tracking, ip address space and asns. like ipv6, we're not going to go back a few decades and change either the allocation topology (iana->{rirs+legacy}->...->...) or x.509.
[ and yes, i have put some time into thinking about hacking a pgp-based solution. probably i am just not smart enough. but i asked a bunch of folk smarter than i (target rich environment, i know), and did not find optimism. ]
so whether we like it or not, the rpki underlies formally verifiable routing security. it's all we have. and i care a real lot about formally verifiable routing security. a real lot.
so this is why i am so deeply concerned about the iana and the rirs' actions, policies, engineering, operations, ... on this stuff. we are married to them whether either side likes it or not, at least until the youngest kid leaves for uni or gets a job.
I guess I'm arguing that from my non-North-American perspective, an ARIN with a carefully extended mandate could be of much help here. So even if you're unhappy with the current ARIN governance, maybe it would still be worthwhile for the community to fix that issue - unless there are credible alternatives.
i do not see much alternative. maybe if we could pry the iana away from the domainer slime and the usg and maybe move it to iceland, it could allocate directly and we could dump the regional address cartel. but it is not likely.
so we as the ops community need to work to make the iana/rir system, pretty much as it is today, do the rpki deployment in a manner we can trust and with which we can be comfortable.
randy