Personally, since all RPKI accomplishes is providing a cryptographically signed notation of origin ASNs that hijackers should prepend to their announcements in order to create an aura of credibility, I think we should stop throwing resources down this rathole. Owen
On Sep 18, 2018, at 4:56 AM, nusenu <nusenu-lists@riseup.net> wrote:
Dear NANOG,
when I approached ARIN about how they feel about reaching out to their members about prefixes that are unreachable in a route origin validation (ROV) environment, John Curran (CEO ARIN) referred me to you (see email bellow - quoted with permission).
The question I asked ARIN was specifically:
Would you be open to reach out to your affected members to inform them about their affected IP prefixes?
John Curran (CEO ARIN) wrote:
If there is evidence of community Interest, then ARIN can conduct a community consultation to determine our best role in this area, but you first should encourage discussion within the network operator community at appropriate forums.
So here is my question to the network operator community in the ARIN region to gather if there are any (dis)agreements/opinions about such a notification by ARIN:
What do you think about the idea that ARIN actively informs their affected members about prefixes that are unreachable in an RPKI ROV environment?
The goal of that outreach/notification would be - to reduce the number of broken legacy ROAs from the past - reduce the negative impact on reachability of affected members.
looking forward to receiving your feedback!
kind regards, nusenu
[1] https://medium.com/@nusenu/towards-cleaning-up-rpki-invalids-d69b03ab8a8c
John Curran wrote:
Subject: Reaching out to ARIN members about their RPKI INVALID prefixes
Nusenu -
Thank you for writing us - the project (and Medium post on same) are quite interesting.
I think you’ve got several options for pursuing your objectives, including –
1) Reaching out to parties that already track and report on Internet routing hygiene (e.g. Geoff Huston at http://bgp.potaroo.net, the RPKI validator team at RIPE, the NIST RPKI Deployment monitor - https://rpki-monitor.antd.nist.gov) to see if of them would like to report on this information and/or contact those with invalids)
2) Raising the issue in the ARIN region via the NANOG operator forum - this would make an excellent lightening talk for you (or someone else familiar with it already attending) to speak about at the upcoming NANOG Vancouver meeting. If there is evidence of community Interest, then ARIN can conduct a community consultation to determine our best role in this area, but you first should encourage discussion within the network operator community at appropriate forums. It is not appropriate for ARIN staff to be proposing this additional role for the organization, as we within the ARIN staff follow community direction rather than set it.
Thanks! /John
John Curran President and CEO ARIN
-- https://twitter.com/nusenu_ https://mastodon.social/@nusenu