note that while i am also an ARIN trustee, i am speaking here as what randy calls "just another bozo on this bus". for further background, ISC has done some rpki work and everybody at ISC including me likes rpki just fine. when the ARIN board was first considering funding ISC to do some early rpki work, i went out into the hallway until the discussion was over (ending positively).

On Jan 5, 2011, at 12:32 PM, Randy Bush wrote:
i have a rumor that arin is delaying and possibly not doing rpki that seems to have been announced on the ppml list (to which i do not subscribe).
john curran has explained that arin is doing its due diligence on some concerns that were brought up during a review of the rpki rollout. there is no sense in which arin has said that it is "not doing rpki" although the current review does technically qualify as "delaying rpki". i'm treating the above rumour as false. David Conrad <drc@virtualized.org> writes:
I heard about the delay, but not about ARIN possibly not doing RPKI. That would be ... surprising. [...]
it would be very much surprising to me as well. [bush]
as it has impact on routing, not address policy, across north america and, in fact the globe, one would think it would be announced and discussed a bit more openly and widely.
even if i thought that the operational impact could be felt in these early days when rpki remains an almost completely nonproduction service, and i don't think this by the way, i would still say that an internal review of a new service is not really something the whole community cares about. [conrad]
The definition of what comes under the "public policy mailing list" umbrella has always been a bit confusing to me. Too bad something like the APNIC SIGs and RIPE Working Groups don't really exist in the ARIN region.
do you have a specific proposal? i've noted in the past that arin tries hard to stick to its knitting, which is allocation and allocation policy. it seems to me that if some in the community wanted arin to run SIGs or WGs on things like routing policy arin could do it but that a lot of folks would say that's mission creep and that it would be arin poaching on nanog lands. -- Paul Vixie Chairman and Chief Scientist, ISC Trustee, ARIN
[ caveat: i am *one of* the architects of all this, and am paid to work on it, currently (indirectly) by the usg dhs. ] for background, the other four rirs have rolled rpki out in the last weeks, apnic and afrinic with the up/down protocol, ripe web only, and i am not well informed about lacnic's roll out. for the geeky, i append the trust anchor locators for all but afrinic (i'll try to get that).
even if i thought that the operational impact could be felt in these early days when rpki remains an almost completely nonproduction service, and i don't think this by the way, i would still say that an internal review of a new service is not really something the whole community cares about.
well yes and no. it was important enough that (i have been told) john announced it on major arin mailing list(s). and, as we all know, when info is not openly visible, it gets warped in transmission. hence the (i think you are saying) incorrect impression out here that the bot is questioning rpki roll-out in general.

more recent rumors, and john's posting here, seem to indicate that

o arin's lawyer, who actually seems to run arin, has created massive fud about liability.

o so arin management is seriously reconsidering a web-only roll-out and seriously considering prioritizing being able to delegate the authority to the large isps by implementing the up/down protocol (draft-ietf-sidr-rescerts-provisioning-09.txt).

i am a big fan of up/down. i am not a big fan of delay.

first, it would really help if the arin bot and management were much more open about these issues and decisions. at the detailed level. we are all not fools out here, present company excepted :). for a radical example, considering that arin is managing a public resource for the community, why are bot meetings not streamed a la cspan?

i do not see how you are going to get rid of the liability. you have it now in whois/irr if i use it for routing (except they are so widely known to be bad data that the world knows i would be a fool to bet on them). whether the source of a roa is a user whacking on an arin web page or by other means, you still attested to the rights to that address space.

but all this is based on inference and rumor. can you please be more open and direct about this? thanks.
randy

---

ripe-ncc-root.tal

rsync://rpki.afrinic.net/repository/AfriNIC.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
UQIDAQAB

rsync://repository.lacnic.net/rpki/lacnic/RTA_LACNIC_RPKI.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AuR49ZoKS59Vnpq8M0X
djeV3ROqtElwx6sNmUXvWBFPQlZLs2tR5/0MwprIWRi91WnMBVWjsECcLBe7Pu+u
V/tTvPMJRXm/c+l8nR+FhAj7pn4M5A2pHFBndCPc1UrFD+BLACx9DSNiUjzKr1t7
wjHTW+F0NMnZ9g9hKdxDNCFi66BGx2f3TTW3uGns/IPfkxrRCeYtJcBpQ5mKoc8g
QOndiEG/33uXDS9EOe1dycmnaw9EQqxqHp+Bj0TIVoFyfDNuT+soJ3uwtQr2g5Ys
AIxJtmBAZrLj+acmLeQrYC0xQuK118dSAS9r6GSm476m2aGEYtb083fLodeYSEjM
/wIDAQAB

rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0URYSGqUz2m
yBsOzeW1jQ6NsxNvlLMyhWknvnl8NiBCs/T/S2XuNKQNZ+wBZxIgPPV
2pFBFeQAvoH/WK83HwA26V2siwm/MY2nKZ+Olw+wlpzlZ1p3Ipj2eNc
Krmit8BwBC8xImzuCGaV0jkRB0GZ0hoH6Ml03umLprRsn6v0xOP0+l6
Qc1ZHMFVFb385IQ7FQQTcVIxrdeMsoyJq9eMkE6DoclHhF/NlSllXub
ASQ9KUWqJ0+Ot3QCXr4LXECMfkpkVR2TZT+v5v658bHVs6ZxRD1b6Uk
1uQKAyHUbn/tXvP8lrjAibGzVsXDT2L0x4Edx+QdixPgOji3gBMyL2V
wIDAQAB
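An added example, not part of Randy's message: before feeding a TAL that arrived by mailing list or web page to a validator, it is worth checking that what you pasted is actually a trust anchor locator and not a mangled one. The stdlib-only Python below parses the TAL layout (one or more rsync:// or https:// URIs, an optional blank line, then the base64 SubjectPublicKeyInfo, the shape later standardized in RFC 6490 and RFC 7730), walks the DER far enough to confirm the key is an rsaEncryption SPKI with a plausible modulus and exponent, and prints a SHA-256 fingerprint of the SPKI to compare out of band with the RIR's published copy. The sample input is the AfriNIC URI and key quoted above, reflowed into TAL layout; the function and variable names are my own.

```python
import base64
import hashlib

# Constructed sample input: the AfriNIC TAL from the message above, reflowed
# into TAL layout (URI line, blank line, base64 SubjectPublicKeyInfo). A single
# mangled character inside the modulus would still decode as base64, which is
# why the fingerprint is the check that matters; the DER checks catch the rest.
SAMPLE_TAL = """\
rsync://rpki.afrinic.net/repository/AfriNIC.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsAqAhWIO+ON2Ef9oRDM
pKxv+AfmSLIdLWJtjrvUyDxJPBjgR+kVrOHUeTaujygFUp49tuN5H2C1rUuQavTH
vve6xNF5fU3OkTcqEzMOZy+ctkbde2SRMVdvbO22+TH9gNhKDc9l7Vu01qU4LeJH
k3X0f5uu5346YrGAOSv6AaYBXVgXxa0s9ZvgqFpim50pReQe/WI3QwFKNgpPzfQL
6Y7fDPYdYaVOXPXSKtx7P4s4KLA/ZWmRL/bobw/i2fFviAGhDrjqqqum+/9w1hEl
L/vqihVnV18saKTnLvkItA/Bf5i11Yhw2K7qv573YWxyuqCknO/iYLTR1DToBZcZ
UQIDAQAB
"""

RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1


def parse_tal(text):
    """Split a TAL into its URI list and the raw DER SubjectPublicKeyInfo."""
    lines = [ln.strip() for ln in text.splitlines()]
    uris = []
    while lines and lines[0].startswith(("rsync://", "https://")):
        uris.append(lines.pop(0))
    if not uris:
        raise ValueError("TAL must begin with at least one rsync:// or https:// URI")
    b64 = "".join(ln for ln in lines if ln and not ln.startswith("#"))
    spki = base64.b64decode(b64, validate=True)  # rejects characters outside the alphabet
    return {"uris": uris, "spki": spki}


def _der_tlv(buf, pos):
    """Read one DER tag/length/value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER structure")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER structure")
    return tag, value, pos + length


def rsa_key_info(spki):
    """Check that spki is an rsaEncryption SubjectPublicKeyInfo; return (bits, e)."""
    tag, body, end = _der_tlv(spki, 0)
    if tag != 0x30 or end != len(spki):
        raise ValueError("SPKI is not a single SEQUENCE")
    tag, alg, pos = _der_tlv(body, 0)          # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    oid_tag, oid, _ = _der_tlv(alg, 0)
    if oid_tag != 0x06 or oid != RSA_ENCRYPTION_OID:
        raise ValueError("not an rsaEncryption key")
    tag, bits, _ = _der_tlv(body, pos)         # subjectPublicKey BIT STRING
    if tag != 0x03 or bits[0] != 0:
        raise ValueError("malformed subjectPublicKey BIT STRING")
    tag, rsa, _ = _der_tlv(bits[1:], 0)        # RSAPublicKey SEQUENCE
    if tag != 0x30:
        raise ValueError("malformed RSAPublicKey")
    n_tag, n, pos = _der_tlv(rsa, 0)
    e_tag, e, _ = _der_tlv(rsa, pos)
    if n_tag != 0x02 or e_tag != 0x02:
        raise ValueError("RSAPublicKey integers missing")
    return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")


def check_tal(text):
    """Parse, sanity-check and fingerprint a TAL; raise ValueError on anything odd."""
    tal = parse_tal(text)
    bits, exponent = rsa_key_info(tal["spki"])
    if bits < 2048 or exponent < 3 or exponent % 2 == 0:
        raise ValueError(f"implausible RSA key: {bits} bits, e={exponent}")
    return {
        "uris": tal["uris"],
        "modulus_bits": bits,
        "exponent": exponent,
        "sha256": hashlib.sha256(tal["spki"]).hexdigest(),
    }


if __name__ == "__main__":
    info = check_tal(SAMPLE_TAL)
    for uri in info["uris"]:
        print("uri    ", uri)
    print("key    ", f"RSA-{info['modulus_bits']} e={info['exponent']}")
    print("sha256 ", info["sha256"])   # compare against the RIR's published TAL
```

The fingerprint is the only defence against a key that was altered but still decodes: a TAL is the one thing in the RPKI that is not itself signed, so the copy you install has to be compared with the copy the RIR publishes on a channel you trust, not with the copy that arrived in the same mail.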
Date: Sat, 08 Jan 2011 15:47:51 +0900 From: Randy Bush <randy@psg.com> ... more recent rumors, and john's posting here, seem to indicate that ...
even to the extent that i know what's really happened or happening, i'd be loath to comment on rumours. i have high confidence in arin's board and staff, and i believe that the right things are happening, even with the delays. "right things" as in what's best for the community and for the internet industry in the arin service region. as a strong proponent of rpki and of all things like rpki that will strengthen infrastructure, i remain delay-tolerant if review is the cost of getting it right.
first, it would really help if the arin bot and management were much more open about these issues and decisions. at the detailed level. we are all not fools out here, present company excepted :). for a radical example, considering that arin is managing a public resource for the community, why are bot meetings not streamed a la cspan?
can you cite some examples of nonprofit companies whose boards operate at the level of transparency you're asking me to consider in this example? the process of rolling out something like rpki involves some checks and balances, it's no longer just a simple matter of the technical people "doing the right thing" even though i remember older times when that was the way most things on the internet worked.
i do not see how you are going to get rid of the liability. you have it now in whois/irr if i use it for routing (except they are so widely known to be bad data that the world knows i would be a fool to bet on them). whether the source of a roa is a user whacking on an arin web page or by other means, you still attested to the rights to that address space.
my own belief here (not speaking for ARIN or for the ARIN BoT) is that the folks who use IRR/whois data to build route filters have a confidence level much lower than those who will use RPKI to do the same will have. i know that if i still had "enable" on anything other than my home router, that's how i'd feel. also, liability isn't just "got rid of" it's also documented and risk-managed, and doing that may require some kind of internal review.
but all this is based on inference and rumor. can you please be more open and direct about this? thanks.
i don't know. john (speaking for ARIN) gave an excellent and complete answer that i completely agree with. you're repeating some rumours which i won't comment on one way or the other. if you have specific questions which were not answered by john's response or which were raised by john's response you should ask them. saying "i heard a rumour, would anyone care to refute it?" is not going to move the conversational line of scrimmage at all. paul
first, it would really help if the arin bot and management were much more open about these issues and decisions. at the detailed level. we are all not fools out here, present company excepted :). for a radical example, considering that arin is managing a public resource for the community, why are bot meetings not streamed a la cspan?
can you cite some examples of nonprofit companies whose boards operate at the level of transparency you're asking me to consider in this example?
fcc
example, considering that arin is managing a public resource for the community, why are bot meetings not streamed a la cspan?
Having watched Congress on CSPAN, and heard reports about open ICANN Board meetings, it looks to me like making deliberative meetings public means nothing substantive happens during meetings. People get afraid to say anything that might make them look ignorant, and just make prepared speeches. All decisions are made ahead of time through private negotiations, which ends up being the opposite of transparency. I think ARIN's Board's output is better than Congress.
i do not see how you are going to get rid of the liability.
Looking at the ARIN Board minutes of https://www.arin.net/about_us/bot/bot2010_1006.html and https://www.arin.net/about_us/bot/bot2010_1122.html it looks like the Board is requesting a more detailed liability assessment. Well-informed decisions are more likely to be good than the other kind. Lee
Paul, On Jan 7, 2011, at 7:33 PM, Paul Vixie wrote:
The definition of what comes under the "public policy mailing list" umbrella has always been a bit confusing to me. Too bad something like the APNIC SIGs and RIPE Working Groups don't really exist in the ARIN region.
do you have a specific proposal? i've noted in the past that arin tries hard to stick to its knitting, which is allocation and allocation policy.
Yes. This is a positive (IMHO), however it seems that occasionally, ARIN's knitting tangles up folks who don't necessarily involve themselves with ARIN's existing interaction mechanisms (at least directly).
it seems to me that if some in the community wanted arin to run SIGs or WGs on things like routing policy arin could do it but that a lot of folks would say that's mission creep and that it would be arin poaching on nanog lands.
The issue I see is that there are non-address allocation{, policy} topics that can deeply affect network operations in which ARIN has a direct role, yet network operators (outside of the normal ARIN participants) have no obvious mechanism in which to comment/discuss/etc. Examples would include reverse DNS operations, whois database-related issues (operations, schema, access methods, etc.), (potentially?) RPKI, etc. It doesn't seem appropriate to me for these to be discussed in relation to addressing policy nor are the issues associated with those examples necessarily related to address allocation, hence I wouldn't think they'd be fodder for ppml.

In the other regions, the RIRs host the discussions (e.g., for reverse DNS-related discussions there is dns-wg in RIPE and dns-sig in APNIC, not sure if there are similar constructs in LACNIC or AfriNIC) and the RIR staff provides input but (as far as I know) do not direct results. Since the (non-ARIN) RIRs typically perform some action based on input from these hosted discussions (or explain to the community why they can't/won't), this works reasonably well.

In the ARIN region, for reasons that you mention among others, I'm unclear whether there is sufficient trust (on both sides, ARIN or the ARIN-region network operations community) for ARIN to do something similar (note I'm not saying there isn't trust, just that I'm not sure that there is).

One alternative (which I suggest being blissfully ignorant of either politics or establishment mechanisms in NANOG) would be for some sort of joint ARIN/NANOG "interest group" (or whatever) for areas that impact ARIN and network operators in which folks have interest such as routing policy/security, dns operations, registration data representation/access, etc.

So, in other words, no, I don't really have a specific proposal.

Regards,
-drc
The issue I see is that there are non-address allocation{, policy} topics that can deeply affect network operations in which ARIN has a direct role, yet network operators (outside of the normal ARIN participants) have no obvious mechanism in which to comment/discuss/etc. Examples would include reverse DNS operations, whois database-related issues (operations, schema, access methods, etc.), (potentially?) RPKI, etc. It doesn't seem appropriate to me for these to be discussed in relation to addressing policy nor are the issues associated with those examples necessarily related to address allocation, hence I wouldn't think they'd be fodder for ppml.
please $deity no. one difference in north america from the other 'regions' is that there is a strong and very separate operator community and forum. this does not really exist in the other regions. ripe ate the eof years ago. apops is dormant aside from helping with apricot. afnog has been strong, but is fading except for the once a year workshops. enredo may be reborn, but we have yet to see. observe that the main north american irr, radb, is not run by the rir, unlike in other regions. and i like that there are a number of diverse rir services in the region. it's healthy. so i would be perfectly happy if arin discussed operational matters here on nanog with the rest of us ops. i would not be pleased to see ops start to be subsumed by the rir here. randy
Randy, On Jan 7, 2011, at 9:31 PM, Randy Bush wrote:
one difference in north america from the other 'regions' is that there is a strong and very separate operator community and forum.
Right. However, it seems to me that this strong separation has led to exactly the problem you raised. The issue, as far as I can tell, is that there are functions and services performed by ARIN that can impact the operational community yet even within the existing ARIN structures, there is no obvious (to me at least) mechanism by which the operational community can voice their concerns/provide input/etc. on these services and functions (excluding address allocation/policy of course).
so i would be perfectly happy if arin discussed operational matters here on nanog with the rest of us ops.
I suspect the ambiguity of "operational matters" (and who defines what that is) and "discussed" will inevitably conspire to make you (and presumably other operators) less than "perfectly happy".
i would not be pleased to see ops start to be subsumed by the rir here.
That's a different topic. I'm talking about some mechanism by which ARIN and the operational community can communicate more effectively about the services ARIN provides as a public service. Regards, -drc
one difference in north america from the other 'regions' is that there is a strong and very separate operator community and forum. Right. However, it seems to me that this strong separation has led to exactly the problem you raised. The issue, as far as I can tell, is that there are functions and services performed by ARIN that can impact the operational community yet even within the existing ARIN structures, there is no obvious (to me at least) mechanism by which the operational community can voice their concerns/provide input/etc. on these services and functions (excluding address allocation/policy of course).
i will admit to some carry-over from the ietf's old high and mighty attitude, "we're open, if you want to talk about it, come to our turf." i am happy to say that this has been changing in recent years. randy
Randy Bush writes:
one difference in north america from the other 'regions' is that there is a strong and very separate operator community and forum. this does not really exist in the other regions. ripe ate the eof years ago. apops is dormant aside from [...]
Right.
observe that the main north american irr, radb, is not run by the rir, unlike in other regions. and i like that there are a number of diverse rir services in the region. it's healthy. ^^^ you mean "rr" I think.
so i would be perfectly happy if arin discussed operational matters here on nanog with the rest of us ops. i would not be pleased to see ops start to be subsumed by the rir here.
I'm sympathetic with that, but, like David said, the separation (NANOG/ARIN) you have in North America does lead to issues such as not being able to trust what's in the RR(s). So I'm quite happy with the situation here in Europe, where RIPE (deliberately ignoring the difference between RIPE NCC and the RIPE community for a second) takes care of both running the address registry, and running a routing registry that can leverage the same authentication/authorization substrate. This makes the RR much more trustworthy, and should really make the introduction of something like RPKI much easier (albeit with the temptation to set it up in a more centralized way than we might like). Randy, what is the model you have in mind for running a routing registry infrastructure that is sustainable and trustworthy enough for uses such as RPKI, i.e. who could/should be running it? I guess I'm arguing that from my non-North-American perspective, an ARIN with a carefully extended mandate could be of much help here. So even if you're unhappy with the current ARIN governance, maybe it would still be worthwhile for the community to fix that issue - unless there are credible alternatives. -- Simon.
[ vix, apologies for giving you both barrels. you unintentionally pushed a hot button or two ]
Randy, what is the model you have in mind for running a routing registry infrastructure that is sustainable and trustworthy enough for uses such as RPKI, i.e. who could/should be running it?
<ietf heresy> the pki wg sat with their thumbs up their nether sides for a decade instead of working on a trust topology that mapped something a bit more operationally realistic than x.500. </ietf heresy>

so all we have is a hierarchic trust model. luckily, that matches the topology of the resources we are tracking, ip address space and asns. like ipv6, we're not going to go back a few decades and change either the allocation topology (iana->{rirs+legacy}->...->...) or x.509.

[ and yes, i have put some time into thinking about hacking a pgp-based solution. probably i am just not smart enough. but i asked a bunch of folk smarter than i (target rich environment, i know), and did not find optimism. ]

so whether we like it or not, the rpki underlies formally verifiable routing security. it's all we have. and i care a real lot about formally verifiable routing security. a real lot.

so this is why i am so deeply concerned about the iana and the rirs' actions, policies, engineering, operations, ... on this stuff. we are married to them whether either side likes it or not, at least until the youngest kid leaves for uni or gets a job.
I guess I'm arguing that from my non-North-American perspective, an ARIN with a carefully extended mandate could be of much help here. So even if you're unhappy with the current ARIN governance, maybe it would still be worthwhile for the community to fix that issue - unless there are credible alternatives.
i do not see much alternative. maybe if we could pry the iana away from the domainer slime and the usg and maybe move it to iceland, it could allocate directly and we could dump the regional address cartel. but it is not likely. so we as the ops community need to work to make the iana/rir system, pretty much as it is today, do the rpki deployment in a manner we can trust and with which we can be comfortable.

randy
From: David Conrad <drc@virtualized.org> Date: Fri, 7 Jan 2011 21:01:52 -1000
do you have a specific proposal? i've noted in the past that arin tries hard to stick to its knitting, which is allocation and allocation policy.
Yes. This is a positive (IMHO), however it seems that occasionally, ARIN's knitting tangles up folks who don't necessarily involve themselves with ARIN's existing interaction mechanisms (at least directly).
the price of changing what ARIN does is, at a minimum: participation.
it seems to me that if some in the community wanted arin to run SIGs or WGs on things like routing policy arin could do it but that a lot of folks would say that's mission creep and that it would be arin poaching on nanog lands.
The issue I see is that there are non-address allocation{, policy} topics that can deeply affect network operations in which ARIN has a direct role, yet network operators (outside of the normal ARIN participants) have no obvious mechanism in which to comment/discuss/etc. Examples would include reverse DNS operations, whois database-related issues (operations, schema, access methods, etc.), (potentially?) RPKI, etc. It doesn't seem appropriate to me for these to be discussed in relation to addressing policy nor are the issues associated with those examples necessarily related to address allocation, hence I wouldn't think they'd be fodder for ppml.
they are, though. i understand the subtlety of the question, "is that a policy matter?" but discussions on ppml@ have led to determinations of "what is lameness?" and "when is a nameserver so lame that it's better to remove it from in-addr than to leave it in?" i hear in what you're saying a desire to have a way to impact ARIN's behaviour outside of NRPM edits and perhaps ARIN does need to address this with some new online forum for things which aren't allocation policy but which should still be decided using community input. (as i recall my first act as a new ARIN trustee was to sign onto a policy proposal that would have changed the way e-mail templates worked, and at the end of the process the ARIN BoT shot it down because it wasn't a policy, and i understood that decision. strange, eh?)
...
So, in other words, no, I don't really have a specific proposal.
perhaps others will chime in. i will continue to think about it also.
the price of changing what ARIN does is, at a minimum: participation. aha! there we go. the old ietf attitude. you come to the mountain. well, i'll tell you what i told the ietf. the high and mighty mountain can bite my ass.
let me be a bit more clear on this

o you affect the operational community, you talk with (not to) the operational community where the operational community talks

o i have given a lot of blood to arin, far more than it deserved. so do not tell me i need to give more.

o eighteen months or so ago, a gang of big arin folk guilt-tripped me into running for the board (which i founded back in '96-'97). i did the nomcom form and all that, AND WAS SILENTLY NOT ALLOWED ON THE BALLOT. never given notice or reason. so take your high and mighty open participation crap and shove it where the sun don't shine. but i sure was relieved, to tell the truth. my mental and physical health just don't need the arin vigilante high and mighty crap on a daily basis.

randy
Date: Sat, 08 Jan 2011 18:17:55 +0900 From: Randy Bush <randy@psg.com>
let me be a bit more clear on this
thanks.
o you affect the operational community, you talk with (not to) the operational community where the operational community talks
i think arin does this today. certainly that is the intent. on the other fork of this thread, drc has noted some ways that this engagement area can be further improved, and i have counted myself as intrigued. also, i neglected to mention in my earlier notes on this thread that in addition to public policy meetings and the public policy mailing list which are open to the entire community not just arin members and which allow for remote participation not just those who can travel, arin has a consultation and suggestion process (URL below). i urge all operators and interested parties of the operational community to consider sharing their perspectives and their wisdom with arin to guide it going forward.

ARIN Consultation and Suggestion Process:
https://www.arin.net/participate/acsp/index.html

ARIN Public Policy Mailing List:
http://lists.arin.net/mailman/listinfo/arin-ppml

Meetings:
https://www.arin.net/participate/meetings/index.html
https://www.arin.net/participate/meetings/reports/ARIN_XXVI/index.html
https://www.arin.net/participate/meetings/ARIN-XXVI/remote.html
https://www.arin.net/participate/meetings/ARIN-XXVII/index.html
https://www.arin.net/participate/meetings/ARIN-XXVIII/index.html

Fellowships:
https://www.arin.net/participate/meetings/fellowship.html

Scholarships:
https://www.arin.net/participate/meetings/scholarships.html
Getting back to the original topic...sort of:

Looking at the data from altdb, it's not as widely used as I'd have guessed. There are 461 mntner objects. Of these, 268 use MAIL-FROM authentication. 192 use CRYPT-PW. At least those are the split if you look at just the first auth: for each mntner object...plenty of objects have multiple auth:'s and some even have multiple types like MAIL-FROM and PGP. In such a case, does a change request have to satisfy both auth's or just either one?

This makes me ask two questions.

1) Why did ARIN even bother setting up rr.arin.net with no authentication other than MAIL-FROM? Even CRYPT-PW, while weak would be far stronger and preferable to effectively no authentication.

2) Why does altdb (and presumably other RR's that support CRYPT-PW) only support DES and not MD5-crypt? It's not 1990 anymore. RFC 2622 says that CRYPT-PW uses the UNIX crypt format...but today, UNIX crypt supports a variety of formats, including MD5, which is popular at least with Linux. I don't mean to whine that altdb doesn't support MD5...it'd be nice if it did, but at the price I'm paying for service ($0), I can't complain.

AFAIK, few networks base their BGP filters on the RR data, so I don't care too much about RPKI[1]. Who cares if ARIN certifies that my entries are legit if only a fraction of the net uses that data and there will always be portions of the net where anything goes and resource certification is ignored?

What I do care about is that my peers or transits that use RR data to build filters use the data I put there, and that that data isn't tampered with by anyone with the minimal level of clue required to forge the from address on an email and construct an RPSL update email. Sure, we'd get email notification of the change...but if they time it right or the email doesn't get acted on quickly enough, filters might be built improperly.

[1] Don't care is probably too strong.
At this point in time, I don't think it makes sense to get hung up on it and refuse to do any authentication if we're not doing RPKI, but not implement RPKI, because we haven't worked out all the details on how it'll be done. As it is, rr.arin.net is pretty much worthless.

----------------------------------------------------------------------
Jon Lewis, MCP :)           | I route
Senior Network Engineer     | therefore you are
Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
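An added example, not part of Jon's message: the survey he describes (tally the first auth: line of every mntner) can be run as a script, and it can also answer the question he raises about objects with several auth: lines. In RFC 2622 the auth attribute is satisfied by any one of the listed schemes, so an object with CRYPT-PW plus MAIL-FROM is, for an attacker, a MAIL-FROM object; the effective strength of a mntner is its weakest line. The Python below parses a small constructed RPSL dump (made-up maintainer names and made-up password hashes, not real credentials or real altdb objects), tallies first-auth the way Jon did, tallies weakest-auth the way an attacker would, lists the mntners that a spoofed From: header is enough to update, and separately flags CRYPT-PW values that are in the 13-character traditional DES format rather than the $1$ MD5-crypt format he asks about.

```python
import re
from collections import Counter

# Constructed sample: a few RPSL mntner objects in the shape of an IRR dump.
# Names are hypothetical and the hashes are random-looking filler, not hashes
# of any real password. The regexes in MAIL-FROM are written as RPSL expects.
SAMPLE_DUMP = """\
mntner:      MAINT-EXAMPLE-A
descr:       only mail-from, which is all rr.arin.net offers
upd-to:      noc@example.net
auth:        MAIL-FROM .*@example\\.net
mnt-by:      MAINT-EXAMPLE-A
source:      ALTDB

mntner:      MAINT-EXAMPLE-B
descr:       DES crypt password plus a mail-from fallback
auth:        CRYPT-PW abJnggxhB/yWI
auth:        MAIL-FROM .*@example\\.org
mnt-by:      MAINT-EXAMPLE-B
source:      ALTDB

mntner:      MAINT-EXAMPLE-C
descr:       md5-crypt password and a pgp key
auth:        MD5-PW $1$abcdefgh$ABCDEFGHIJKLMNOPQRSTU/
auth:        PGPKEY-0123ABCD
mnt-by:      MAINT-EXAMPLE-C
source:      ALTDB

route:       192.0.2.0/24
origin:      AS64496
mnt-by:      MAINT-EXAMPLE-A
source:      ALTDB
"""

# Higher is stronger. NONE and MAIL-FROM need no secret at all.
STRENGTH = {"NONE": 0, "MAIL-FROM": 1, "CRYPT-PW": 2, "MD5-PW": 3, "PGPKEY": 4}


def parse_rpsl(text):
    """Yield RPSL objects as lists of (attribute, value) pairs, in dump order."""
    obj = []
    for line in text.splitlines() + [""]:        # trailing "" flushes the last object
        if not line.strip():
            if obj:
                yield obj
                obj = []
            continue
        if line[0] in " \t+" and obj:            # RFC 2622 continuation line
            obj[-1] = (obj[-1][0], obj[-1][1] + " " + line[1:].strip())
            continue
        attr, _, value = line.partition(":")
        obj.append((attr.strip().lower(), value.strip()))


def auth_scheme(value):
    """Map an auth: value to its scheme name; PGPKEY-<id> collapses to PGPKEY."""
    scheme = value.split(None, 1)[0].upper()
    return "PGPKEY" if scheme.startswith("PGPKEY-") else scheme


def crypt_format(hashed):
    """Classify a CRYPT-PW value: traditional DES (13 chars), MD5-crypt ($1$) or other."""
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hashed):
        return "des"                # 8-char effective password, 12-bit salt
    if hashed.startswith("$1$"):
        return "md5-crypt"
    return "other"


def audit_mntners(text):
    """Tally auth strength per mntner the way a survey and the way an attacker would."""
    first_auth, weakest = Counter(), Counter()
    forgeable, des_crypt = [], []
    for obj in parse_rpsl(text):
        if obj[0][0] != "mntner":
            continue
        name = obj[0][1]
        auths = [v for a, v in obj if a == "auth"]
        if not auths:
            continue
        schemes = [auth_scheme(v) for v in auths]
        first_auth[schemes[0]] += 1                      # Jon's first-auth: tally
        weak = min(schemes, key=lambda s: STRENGTH.get(s, 0))
        weakest[weak] += 1                                # any one line suffices
        if STRENGTH.get(weak, 0) <= STRENGTH["MAIL-FROM"]:
            forgeable.append(name)
        for scheme, value in zip(schemes, auths):
            if scheme == "CRYPT-PW" and crypt_format(value.split(None, 1)[1]) == "des":
                des_crypt.append(name)
    return {"first_auth": dict(first_auth), "weakest": dict(weakest),
            "forgeable": forgeable, "des_crypt": des_crypt}


if __name__ == "__main__":
    for key, val in audit_mntners(SAMPLE_DUMP).items():
        print(f"{key:11} {val}")
```

Run against a real dump, the difference between the first-auth and weakest-auth tallies is the number of objects whose password or PGP key is decorative. The same check belongs in an operator's own change control: a mntner that protects your route objects should have no MAIL-FROM line at all, whatever else it lists.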
On Sat, Jan 8, 2011 at 1:10 PM, Jon Lewis <jlewis@lewis.org> wrote:
Getting back to the original topic...sort of:
thanks!
[1] Don't care is probably too strong. At this point in time, I don't think it makes sense to get hung up on it and refuse to do any authentication if we're not doing RPKI, but not implement RPKI, because we haven't worked out all the details on how it'll be done. As it is, rr.arin.net is pretty much worthless.
I don't think rr.arin.net and RPKI have anything to do with each other. I think the direction the RPKI should/is taking is to have the RIR sign a ROA to the ORG that they allocate the address space to... Similarly the ORG (if they are an N|LIR-type) will sign a ROA to the ORG that they assign address space to.

Ideally you should be able to ask the RPKI system: "I have 1.2.3.0/24 in a bgp announcement, origin'd by AS1234. Is that proper?" Ideally that magic doesn't happen on the "router" but a digested form of the data is available making much of the heavy-lifting not router-based.

The parts of the puzzle here that ARIN (or really any RIR) is responsible for are the 'signing roas to allocatees' (the "up/down protocol" as it's referred to in the drafts - <http://tools.ietf.org/html/draft-ietf-sidr-rescerts-provisioning-09> and potentially having a system which permits end-users/ORGs to enter data which generates ROA data (and sends that along to some publication point for the rest of the routing world to download/digest).

I believe the 'up/down protocol' part here is critical, the "web server" part ... I'm not sure is so critical, maybe a third party makes that happen outside of the ARIN management chain?

Using someone not yourself (ARIN or another third party) to manage your ROA data means you probably have (in the most simple case) given the ability to that third party to sign objects for you, that means they have your private key(s) and can break you by mistake/malfeasance/oversight/etc. For this reason some folks may be ok with using a third party, many will choose to hold their fate in their own hands.

-Chris
<pedantry but technically critical pedantry> [ and 06:00 here so i am probably also making critical errors ]
I don't think rr.arin.net and RPKI have anything to do with each other. I think the direction the RPKI should/is taking is to have the RIR sign a ROA to the ORG that they allocate the address space to...
s/ROA/resource certificate/
Similarly the ORG (if they are an N|LIR-type) will sign a ROA to the ORG that they assign address space to.
idem. it is only when you get down to someone who has [a piece of] that allocation they wish to announce into bgp that they actually cause a ROA to be issued which may be validated using the cert chain.
The parts of the puzzle here that ARIN (or really any RIR) is responsible for are the 'signing roas to allocatees' (the "up/down protocol" as it's referred to in the drafts
s/roas/certificates/
I believe the 'up/down protocol' part here is critical, the "web server" part ... I'm not sure is so critical, maybe a third party makes that happen outside of the ARIN management chain?
this is easily done with the rpki, up/down, publication, ... architecture.
Using someone not yourself (ARIN or another third party) to manage your ROA data means you probably have (in the most simple case) given the ability to that third party to sign objects for you, that means they have your private key(s) and can break you by mistake/malfeasance/oversight/etc. For this reason some folks may be ok with using a third party, many will choose to hold their fate in their own hands.
exactly. but only if the parent runs the up/down ('provisioning') protocol, does the child have that choice. randy
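An added example, not part of either message above: the question Chris frames ("I have 1.2.3.0/24 announced by AS1234, is that proper?") is answered at the router by route origin validation over the digested data a validator produces, and Randy's correction is visible in what that data is. The validator walks the certificate chain from the TAL down and emits only the payloads of the ROAs it could validate (prefix, maxLength, origin AS); the router never sees a certificate. The procedure below is the one later standardized as RFC 6811 (with the validated payloads delivered over rpki-rtr, RFC 6810): a route is NotFound if no payload covers its prefix, Valid if some covering payload has the same origin AS and a maxLength at or above the route's prefix length, and Invalid otherwise, which includes the AS0 case. The payload set is constructed for the example and carries no real ROA data; the function names are my own.

```python
import ipaddress
from collections import namedtuple

# One validated ROA payload (VRP): what the validator hands to the router.
VRP = namedtuple("VRP", "prefix maxlen asn")

# Constructed sample VRP set, written as prefix,maxlen,asn lines. Nothing here
# is real ROA data. 192.0.2.0/24 with AS0 is a "do not originate" ROA.
SAMPLE_VRPS = """\
# prefix,maxLength,originAS
1.2.0.0/16,24,1234
1.2.3.0/24,24,65000
192.0.2.0/24,24,0
2001:db8::/32,48,1234
"""


def load_vrps(text):
    """Parse the constructed prefix,maxlen,asn format into VRP records."""
    vrps = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        prefix, maxlen, asn = (f.strip() for f in line.split(","))
        vrps.append(VRP(ipaddress.ip_network(prefix), int(maxlen), int(asn)))
    return vrps


def validate_route(prefix, origin_as, vrps):
    """RFC 6811 origin validation. Returns (state, covering_vrps)."""
    route = ipaddress.ip_network(prefix)
    # "Covering" is prefix containment only; maxLength plays no part in it.
    covering = [v for v in vrps
                if v.prefix.version == route.version and route.subnet_of(v.prefix)]
    if not covering:
        return "NotFound", covering
    for v in covering:
        # AS0 never matches: an AS0 ROA exists to make every announcement Invalid.
        if v.asn == origin_as and v.asn != 0 and route.prefixlen <= v.maxlen:
            return "Valid", covering
    return "Invalid", covering


if __name__ == "__main__":
    vrps = load_vrps(SAMPLE_VRPS)
    for prefix, asn in [("1.2.3.0/24", 1234), ("1.2.3.0/25", 1234),
                        ("1.2.3.0/24", 999), ("10.0.0.0/8", 1234),
                        ("192.0.2.0/24", 65001)]:
        state, cov = validate_route(prefix, asn, vrps)
        print(f"{prefix:16} AS{asn:<6} {state:9} covered by {len(cov)} VRP(s)")
```

Two things the sample is chosen to show: 1.2.3.0/25 from AS1234 is Invalid even though AS1234 holds a ROA for the covering /16, because the ROA's maxLength stops at /24, and a second ROA for the same prefix from a different AS (the 65000 entry) makes both origins Valid rather than either Invalid. What a router does with Invalid is local policy; the validator only labels.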
On Sat, Jan 8, 2011 at 2:47 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
I don't think rr.arin.net and RPKI have anything to do with each other. I think the direction the RPKI should/is taking is to have the
I at least think that whatever future and time-table is planned for RPKI, this should not stand in the way of ARIN offering an effective authentication mechanism for the ARIN IRR.

FYI, the reply I received from ARIN was that there are no plans to improve its authentication capability. I didn't ask why and don't really care why it has never had anything more than MAIL-FROM in the past. Either it should be improved (IMO) or it shouldn't be.

I really do wonder what ARIN's plan is if a bad guy decides to forge emails and delete or modify some or all of the objects. Would they just shut it down, improve authentication, or keep doing business as usual? I am always surprised that black hat folks do not do things like this when faced with a damaging vulnerability that can easily be exploited with no way to trace the activity back to the bad guy.

--
Jeff S Wheeler <jsw@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
I at least think that whatever future and time-table is planned for RPKI, this should not stand in the way of ARIN offering an effective authentication mechanism for the ARIN IRR. ... I really do wonder what ARIN's plan is if a bad guy decides to forge emails and delete or modify some or all of the objects.
my guess is do their best to try to see who has the right data. as arin seems to be driven by fud, policy wannabes, and lawyer(s), this might be complex, slow, and expensive. so it goes. but, unlike the other regions, the arin.irr is not confuddled with the arin.whois. i.e. it is kind of irrelevant to the authority on resource ownership, arin's real responsibility. they are just providing a free irr service, as it is the popular thing for rirs to do these years. and i don't think many use it. if you don't like its weak authentication, then don't use it, there are plenty of alternatives, e.g. see $subject. i agree that running an irr instance with only mail-from is pretty lame. and there is good free software out there to do it well if you do not suffer from nih. so i would advise putting it late in your peval() string. randy, who runs an irr instance using irrd
On Sat, Jan 8, 2011 at 10:23 PM, Randy Bush <randy@psg.com> wrote:
but, unlike the other regions, the arin.irr is not confuddled with the arin.whois. i.e. it is kind of irrelevant to the authority on resource ownership, arin's real responsibility.
I certainly agree with this, and I am admittedly ignorant of the history here, but I don't understand why ARIN is operating an IRR that is very much insecure, instead of just not operating one at all.
they are just providing a free irr service, as it is the popular thing for rirs to do these years. and i don't think many use it. if you
In terms of database size, excluding RIPE, the ARIN IRR is the 8th largest, ahead of ALTDB and about 10% as large as Level3, the second largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR overnight might be a serious incident causing service impact to a large number of users and businesses, and cause probably thousands of people to be got out of bed in the middle of the night, but clearly it would not be a total disaster. No one is forced to use ARIN IRR, but it's worth asking the question: why is ARIN a trustworthy steward of RPKI infrastructure if their IRR is a serious liability to The Internet because of a simple issue like not supporting password or PGP authentication? Is this the reason ARIN is spending time consulting their lawyers? -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote:
In terms of database size, excluding RIPE, the ARIN IRR is the 8th largest, ahead of ALTDB and about 10% as large as Level3, the second largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR overnight might be a serious incident causing service impact to a large number of users and businesses, and cause probably thousands of people to be got out of bed in the middle of the night, but clearly it would not be a total disaster.
Jeff - Please suggest your preferred means of IRR authentication to the ARIN suggestion process: <https://www.arin.net/participate/acsp/index.html> Alternatively, point to a best practice document from the operator community for what should be done here. ARIN's work plan is very much driven by community input, so that's what is needed here. Thanks! /John John Curran President and CEO ARIN
On Sun, Jan 9, 2011 at 1:09 PM, John Curran <jcurran@arin.net> wrote:
Please suggest your preferred means of IRR authentication to the ARIN suggestion process: <https://www.arin.net/participate/acsp/index.html> Alternatively, point to a best practice document from the operator community for what should be done here. ARIN's work plan is very much driven by community input, so that's what is needed here.
John, I appreciate you taking time to respond to this while on vacation. However, I think we all know that your response is not a "here is how you tell us what to do," it's a "here is our cop-out response to make an incredibly simple fix either never happen, or take six months to make it through the ARIN process." If you truly do not understand the posts regarding this matter, I will summarize them for you very simply: 1) ARIN IRR is a tool that has operational impact; service providers use it to build prefix-lists automatically, and if the data that underlies those prefix-lists is corrupted, networks that use the ARIN IRR will see their transit providers stop accepting their BGP announcements overnight. This is not a "some database might be inaccurate but it's okay," problem; it is an operational problem. Some peoples' networks depend on that data not becoming corrupted. Specifically, every network that uses ARIN IRR. 2) ARIN IRR has effectively no security for record updates or deletes. Anyone who knows how to forge an email From: header can corrupt or delete part or all of the ARIN IRR database at any time. ARIN IRR is the only database that I am aware of without support for at least password authentication. The standard toolset supports passwords trivially. 3) If not supporting passwords was a business-driven decision, it was a bad one, but perhaps a mistake born out of ignorance. If it was a technically-driven decision by the staff members responsible for implementing and maintaining the ARIN IRR, those staff members are not qualified to handle anything of an operational nature, and you would be well-advised to find jobs for them that don't require any attentiveness to operational security. 4) The "ARIN process" will almost certainly not be the route taken when a change eventually arises. 
Some black hat will eventually decide it would be a clever prank to erase or corrupt the entire database, and you will then be faced with three choices; a) implement passwords immediately and not allow any updates from users who haven't selected one; b) make the ARIN IRR read-only and effectively make it useless; c) ignore the problem, at which point no ISPs will be willing to mirror the ARIN IRR anymore, because its data is a liability, not an asset. I appreciate that there is a process to go through for proposing ARIN policy changes, etc. Your suggestion that this be used when addressing an operational security matter is foolish and provides plenty of ammo for people who say ARIN is ineffective (or worse.) I suggest you take a moment to think about what the news coverage might be if this eventually blows up in a big enough way to interest news people. If a bunch of ISPs go down overnight due to an ARIN oversight, will some savvy reporter ask himself who at ARIN knew they were running an operationally-important service with no security mechanism at all? Will he have much trouble finding out about a mailing list discussion in which the CEO of ARIN glazed over the issue and referred a whistle-blowing person to the ARIN policy process? Will he then ask if ARIN is an effective steward of RPKI? Will his article assign blame to you personally? Will he draw some link to "Chinese interception of 15% of the Internet?" Who knows how mainstream press would interpret such an event, if it was big enough to attract attention. If I were you, though, I would not want my signature at the bottom of an email essentially telling someone to go post on the correct mailing list. I suggest you don't be the ARIN CEO that gets mud in his eye because he didn't understand the value of a password over mail-from. -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
On Jan 9, 2011, at 6:30 PM, Jeff Wheeler wrote:
John,
I appreciate you taking time to respond to this while on vacation. However, I think we all know that your response is not a "here is how you tell us what to do," it's a "here is our cop-out response to make an incredibly simple fix either never happen, or take six months to make it through the ARIN process."
Jeff - As it turned out, I'm back from vacation but thanks for the thought. My reason for responding is simply to make sure that ARIN is doing what the community wants. I won't deny that this may take some time depending on exactly what is involved, but in my mind that is far better than not fixing the situation.
If you truly do not understand the posts regarding this matter, I will summarize them for you very simply: 1) ARIN IRR is a tool that has operational impact; service providers use it to build prefix-lists automatically, and if the data that underlies those prefix-lists is corrupted, networks that use the ARIN IRR will see their transit providers stop accepting their BGP announcements overnight. This is not a "some database might be inaccurate but it's okay," problem; it is an operational problem. Some peoples' networks depend on that data not becoming corrupted. Specifically, every network that uses ARIN IRR.
Thanks; I'm aware of the ARIN IRR and how operators in the community make use of it, and have run ISPs which have made use of the data for route filtering.
... I appreciate that there is a process to go through for proposing ARIN policy changes, etc. Your suggestion that this be used when addressing an operational security matter is foolish and provides plenty of ammo for people who say ARIN is ineffective (or worse.)
Agreed; dropping me an email is a fine process for operational security matters. Consider this one so reported. /John John Curran President and CEO ARIN
On Sun, Jan 9, 2011 at 7:33 PM, John Curran <jcurran@arin.net> wrote:
My reason for responding is simply to make sure that ARIN is doing what the community wants. I won't deny that this may take some time depending on exactly what is involved, but in my mind that is far better than not fixing the situation.
How will ARIN respond to operational security matters with regard to RPKI infrastructure in the future? What experience does ARIN have with operational security in the past? When faced with DNS server vulnerabilities, did ARIN solicit community feedback before patching the servers responsible for IN-ADDR.ARPA zones administered by ARIN? Or did ARIN treat this matter as a legitimate, operational security concern, and apply whatever technical solution was available and generally accepted by other organizations administering DNS servers? Why should an operational security issue with the ARIN IRR be handled as a policy issue? Do you know that I have emailed ARIN about this both recently and in years past? Am I the only person who has ever tried to bring this to ARIN's attention? I doubt that. Are the personnel managing the ARIN IRR oblivious to the fact that every other IRR database except ARIN supports at least some form of password authentication? Are these personnel qualified to handle services with operational impact? Do you, or they, know that ARIN's IRR technical infrastructure actually does support password security, and that records exist in the ARIN IRR database with MD5 authentication, but that email to ARIN about this are answered with replies that only MAIL-FROM is possible? Why does the ARIN web site make no mention of anything besides MAIL-FROM?
Thanks; I'm aware of the ARIN IRR and how operators in the community make use of it, and have run ISPs which have made use of the data for route filtering.
When you ran ISPs that made use of IRR data for route filtering, did you use any kind of authentication when publishing and maintaining your own records, or advise customers to use such? Did the possibility of malicious data corruption or erasure ever enter your mind?
Agreed; dropping me an email is a fine process for operational security matters. Consider this one so reported.
What will the process be for handling operational security issues regarding future RPKI infrastructure? It is conceivable that there may be no alternative to ARIN, in the ARIN region, for trusted routing information data in the future. Today, we can choose not to use ARIN IRR, and the huge majority of networks who publish IRR data use their ISP databases or MERIT RADB. Are we faced with the possibility that ARIN simply doesn't have personnel capable of handling operational services, yet are forcing ARIN down a road that may make them a sole source of something we all need? If so, perhaps this is a very bad idea in need of further debate. I think the mentality at ARIN is one of paper-pushers and policy guys. That's perfectly fine for an organization whose main function is ... processing paperwork and allocating IP addresses. It is perhaps a very bad idea to ask ARIN to do operational things which they are very clearly unprepared to handle, to such an extent that they may need additional or different personnel, and really need to change their mentality. I understand that the technical side of the RPKI implementation at ARIN is most likely entrusted to Paul Vixie and ISC, which is a good thing. I never read an email from Paul saying, "I think we need to solicit feedback before we patch this BIND issue." DNSSEC progress has taken a very long time, but that hasn't stopped ISC from continuing to provide quick technical solutions to immediate technical problems. What really worries me is ... if there is some serious issue with RPKI infrastructure in the future, will ARIN be able to solve it in an operational time-frame, or won't they? -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
On Jan 9, 2011, at 9:53 PM, Jeff Wheeler wrote:
Why should an operational security issue with the ARIN IRR be handled as a policy issue?
Operational security matters should simply be fixed; that's not a policy matter but an implementation issue.
Do you know that I have emailed ARIN about this both recently and in years past? Am I the only person who has ever tried to bring this to ARIN's attention? I doubt that.
Good to know; I'm rather interested in knowing some particulars here, so can you forward to me one or two of those messages? (or just let me know the 'To' field used and I'll take it from there)
What will the process be for handling operational security issues regarding future RPKI infrastructure? It is conceivable that there may be no alternative to ARIN, in the ARIN region, for trusted routing information data in the future. Today, we can choose not to use ARIN IRR, and the huge majority of networks who publish IRR data use their ISP databases or MERIT RADB. Are we faced with the possibility that ARIN simply doesn't have personnel capable of handling operational services, yet are forcing ARIN down a road that may make them a sole source of something we all need? If so, perhaps this is a very bad idea in need of further debate.
Feel free to discuss on this list (if deemed in charter) or arin-discuss as you feel appropriate.
I think the mentality at ARIN is one of paper-pushers and policy guys. That's perfectly fine for an organization whose main function is ... processing paperwork and allocating IP addresses. It is perhaps a very bad idea to ask ARIN to do operational things which they are very clearly unprepared to handle, to such an extent that they may need additional or different personnel, and really need to change their mentality.
Jeff - ARIN does indeed have folks who worry about whether the policy development process is being followed. We also have folks who actually implement the policy and issue number resources. What you may not know is that we also have quite a few folks who have run production operational services both for the Internet and other mission-critical environments. I'm not surprised that the IRR allows plaintext passwords, but am myself stunned if indeed we require them, since that disallows even a modicum of protection from trivial acts of sabotage. Rather than repeat what lack of information there is on the web site in regards to what forms of IRR authentication are available, I will go determine the state of reality and post back here asap. At a minimum, we need much clearer documentation, but if more is required, we'll get it fixed asap. /John John Curran President and CEO ARIN
On Sun, Jan 9, 2011 at 10:47 PM, John Curran <jcurran@arin.net> wrote:
Jeff - ARIN does indeed have folks who worry about whether the policy development process is being followed. We also have folks who actually implement the policy and issue number resources.
And we all agree that this is ARIN's primary role, and what ARIN, organizationally, has been built to be good at. This is what members consider when electing the BoT and no doubt drives ARIN's day-to-day business and technical decisions.
is that we also have quite a few folks who have run production operational services both for the Internet and other mission-critical environments.
What does ARIN, as an organization, do that has short-term operational impact on its members? Two things that I am aware of: IN-ADDR.ARPA delegation and IRR. One of these things gives people no reason to complain. The other is demonstrably insecure in a manner that could have really serious, and embarrassing, consequences, both financial for the members, and in terms of peoples' confidence in ARIN.
I'm not surprised that the IRR allows plaintext passwords, but am myself stunned if indeed we require them, since that disallows even a modicum of protection from trivial acts of sabotage. Rather than repeat what lack of information there is on the web site in regards to what forms of IRR authentication are available, I will go determine the state of reality and post back here asap. At a minimum, we need much clearer documentation, but if more is required, we'll get it fixed asap.
Thanks, I am glad you are now looking into this. To be clear, it's not just "plain text passwords." There aren't any passwords for the majority of objects. The ARIN documentation indicates that only MAIL-FROM is supported. When asked about this, ARIN personnel who respond to rtreg@arin.net reply that yes, MAIL-FROM is the only authentication mechanism supported, and that no, there is no support for passwords (good) or PGP (also good, but too complicated for some users.) This isn't simply an issue of "plain text passwords." Your mechanism is MAIL-FROM, which means the only check that is done on update/add/delete requests is the From: header. The ARIN database, which is publicly mirrored, contains the email addresses that must be used to add/update/delete objects maintained by a given mntner: object. All you have to do to corrupt or erase a record is look up the record you want to corrupt in the IRR, then look up that mntner, then forge an email from the auth: MAIL-FROM listed in that mntner record. It's dead simple and it is not "plain text passwords," it is no passwords at all. The reason I am still posting is I am deeply concerned about the lack of technical and management competence needed to let this happen in the first place. You shouldn't seriously believe that no ARIN staffer ever thought about this, while also believing that ARIN is currently capable of administering RPKI, by its very nature and as its primary goal, to improve operational network security. For this reason, I think your true task is not simply to address the IRR issue, but to change the mentality at ARIN. If you do have technically skilled personnel, something is preventing them from being effective. If there isn't a management or cultural problem stopping folks from speaking up, then, quite frankly, I think you may be greatly over-estimating the technical savvy of ARIN staff. -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
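The point Jeff makes above, that a mntner with a MAIL-FROM auth: line can be updated by anyone who forges a From: header, is something an operator can audit for in any IRR dump they mirror or publish to. The script below is an added example, not code from this thread or from ARIN; it parses RPSL objects from a constructed sample dump (all names, hashes and prefixes are placeholders), flags every maintainer that accepts MAIL-FROM or has no auth at all (RPSL treats multiple auth: lines as alternatives, so one MAIL-FROM line weakens the whole maintainer even beside a CRYPT-PW or PGPKEY line), and lists the route objects whose mnt-by depends on such a maintainer.

```python
"""Audit an RPSL/IRR dump for maintainers that are updatable via forgeable MAIL-FROM auth."""
from collections import defaultdict

# Constructed sample dump (not real ARIN IRR data). Objects are blank-line separated;
# lines starting with whitespace or '+' continue the previous attribute.
SAMPLE_DUMP = """\
mntner:      MAINT-EXAMPLE-WEAK
descr:       Example maintainer protected only by mail-from
auth:        MAIL-FROM noc@example.net
mnt-by:      MAINT-EXAMPLE-WEAK
source:      EXAMPLE

mntner:      MAINT-EXAMPLE-STRONG
descr:       Example maintainer with a password hash and a PGP key
auth:        MD5-PW $1$ExAmPlE$placeholderhashvalue0000000
auth:        PGPKEY-0123ABCD
mnt-by:      MAINT-EXAMPLE-STRONG
source:      EXAMPLE

mntner:      MAINT-EXAMPLE-MIXED
descr:       Has a password but still lists mail-from,
+            which remains usable on its own
auth:        CRYPT-PW abcdefghijklm
auth:        MAIL-FROM .*@example.org
mnt-by:      MAINT-EXAMPLE-MIXED
source:      EXAMPLE

route:       192.0.2.0/24
origin:      AS64496
mnt-by:      MAINT-EXAMPLE-WEAK
source:      EXAMPLE

route:       198.51.100.0/24
origin:      AS64497
mnt-by:      MAINT-EXAMPLE-STRONG
source:      EXAMPLE

route:       203.0.113.0/24
origin:      AS64498
mnt-by:      MAINT-EXAMPLE-MIXED
source:      EXAMPLE
"""

STRONG_SCHEMES = {"CRYPT-PW", "MD5-PW", "PGPKEY"}
MAIL_FROM_REASON = "MAIL-FROM accepted (forgeable From: header)"


def parse_rpsl(text):
    """Split an RPSL dump into objects: list of {attribute: [values]}."""
    objects, current, last = [], defaultdict(list), None
    for raw in text.splitlines():
        if not raw.strip():                      # blank line ends the object
            if current:
                objects.append(dict(current))
                current, last = defaultdict(list), None
            continue
        if raw[0] in " \t+" and last is not None:  # continuation of previous attribute
            current[last][-1] += " " + raw.lstrip(" \t+").strip()
            continue
        attr, _, value = raw.partition(":")
        last = attr.strip().lower()
        current[last].append(value.strip())
    if current:
        objects.append(dict(current))
    return objects


def auth_scheme(value):
    """Normalise an auth: value to its scheme name (PGPKEY-<id> -> PGPKEY)."""
    scheme = value.split()[0].upper() if value.strip() else "NONE"
    return "PGPKEY" if scheme.startswith("PGPKEY-") else scheme


def audit_maintainers(objects):
    """Return {mntner: [reasons it is weak]}; an empty list means only strong schemes."""
    report = {}
    for obj in objects:
        if "mntner" not in obj:
            continue
        schemes = [auth_scheme(v) for v in obj.get("auth", [])]
        reasons = []
        if not schemes or "NONE" in schemes:
            reasons.append("no authentication at all")
        if "MAIL-FROM" in schemes:               # any single auth: line is sufficient to update
            reasons.append(MAIL_FROM_REASON)
        for s in schemes:
            if s not in STRONG_SCHEMES | {"MAIL-FROM", "NONE"}:
                reasons.append(f"unrecognised scheme {s}")
        report[obj["mntner"][0]] = reasons
    return report


def routes_at_risk(objects, report):
    """Map each route/route6 whose mnt-by names a weak (or unknown) maintainer to those names."""
    at_risk = {}
    for obj in objects:
        key = obj.get("route", obj.get("route6"))
        if not key:
            continue
        weak = [m for m in obj.get("mnt-by", []) if report.get(m, ["maintainer not in dump"])]
        if weak:
            at_risk[key[0]] = weak
    return at_risk


if __name__ == "__main__":
    objs = parse_rpsl(SAMPLE_DUMP)
    rep = audit_maintainers(objs)
    for name, reasons in rep.items():
        print(name, "OK" if not reasons else "; ".join(reasons))
    for prefix, mnts in routes_at_risk(objs, rep).items():
        print("route", prefix, "depends on weak maintainer(s):", ", ".join(mnts))
```

Point it at a real mirrored dump by replacing SAMPLE_DUMP with the file contents; the strong-scheme set mirrors the CRYPT-PW, MD5-PW and PGP options discussed in this thread.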
Subject: Re: AltDB? Date: Sun, Jan 09, 2011 at 06:09:13PM +0000 Quoting John Curran (jcurran@arin.net):
On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote:
Please suggest your preferred means of IRR authentication to the ARIN suggestion process: <https://www.arin.net/participate/acsp/index.html> Alternatively, point to a best practice document from the operator community for what should be done here. ARIN's work plan is very much driven by community input, so that's what is needed here.
Just do as the other RIRen, for starters. The database sw is available, and ARIN coming up to the standards of the others would be a real improvement. -- Måns Nilsson primary/secondary/besserwisser/machina MN-1334-RIPE +46 705 989668 My mind is a potato field ...
On 01/09/2011 10:09, John Curran wrote:
On Jan 9, 2011, at 2:09 AM, Jeff Wheeler wrote:
In terms of database size, excluding RIPE, the ARIN IRR is the 8th largest, ahead of ALTDB and about 10% as large as Level3, the second largest IRR database (except RIPE.) A mass-corruption of the ARIN IRR overnight might be a serious incident causing service impact to a large number of users and businesses, and cause probably thousands of people to be got out of bed in the middle of the night, but clearly it would not be a total disaster.
Jeff -
Please suggest your preferred means of IRR authentication to the ARIN suggestion process:<https://www.arin.net/participate/acsp/index.html> Alternatively, point to a best practice document from the operator community for what should be done here. ARIN's work plan is very much driven by community input, so that's what is needed here.
John, I get what motivates this response, and am even guilty of having provided similar responses. So I'm not going to glom onto the criticism of this as a response _per se_. However, there is a line beyond which some things cross which takes them out of the realm of, "Show me you care about this issue by reporting it in triplicate" and into the category of "This is bad on its face and I need to use my internal channels to get people an answer ASAP." To me (speaking as someone with absolutely no dog in this hunt) the issue of "The only authentication method available for the ARIN IRR is mail-from" clearly falls into the latter category. My reading of the reaction here is incredulity that this was not your immediate response, and (once again without trying to glom on) this is a reaction that I share. Now it seems that you acknowledged that further on in this thread, but just for fun I decided to try your suggestions-suggestion. I went to the site, it requires a login. Well, ok, I think having a method for "I don't want to track this I just want to throw it over the wall in case someone cares" might be valuable, but everyone wants a login nowadays, so fine. I attempt to click the "new user?" link, and at some point I realize that the site requires cookies for login stuff. Ok, another necessary evil. So I enter my desired information, and click continue, and get bounced right back to the original page. I figure my registration was successful and attempt to log in. That fails. I click the "assistance" link and enter the e-mail address I used to register, it's not registered. So I go back to the registration form, enter my information again, and hit Continue. This time I got an error message, user names must be at least 6 characters. Um .... ok. So I think of another username, click Continue, and get a new error: The e-mail address you entered appears to be a role account. Please enter an e-mail address that contains your name or initials.
Note that ARIN Web account information will not be published in ARIN's Whois. If the e-mail address you entered is not a role account, please contact the Registration Services Department at hostmaster@arin.net or +1.703.227.0660. I create e-mail addresses of the form <blah>@dougbarton.us for all the sites that I register on to track whether or not they use my e-mail address for nefarious purposes. So yes, "arin@dougbarton.us" looks like a role account, but it's not. So I'll bite, I'll call the number and talk to them. Ooops! I called at 4:01 pm PST, and y'all had closed up shop 1 minute earlier. (Yes, I realize that the ARIN office is on the East Coast, don't care. My working day is still going on for hours more. Must really suck for ops in HI.) Now admittedly my method of working on line is different from the average Internet user, although arguably not _that_ different from a lot of the people in your custo^Wmember demographic. So one could make the argument that in its current form the suggestions page actually serves as a barrier to entry, rather than an effective communications channel. But soldiering on, I put in my "regular" e-mail address, and hit Continue again. It once again bounced me back to the main page, but once again, I was not actually registered. So, I started the whole registration process all over again, and this time it succeeded. So now... You must accept the Terms of Service Agreement in order to proceed. Hmm.. well, 79 very long lines of text, no way to download the document for my lawyers to review, and most of it applies to people managing information related to services. But what the heck, I'll give it a go. So now I have to create a web profile. First/Last, Company, and full postal address are all mandatory fields. Ok, all done with that, now I actually have a web account. *phew* Wait, what was I going to do with it again? Oh yes, I was going to submit a suggestion .... um .... where is the link for suggestions? 
At the top of the page I have Number Resources, Participate, Policies, Fees & Invoices, Knowledge, About Us. Most of those don't apply to me, so let's see, on the left side we have Message Center, Web Account, POC Records, Organization Data, Manage Resources, Track Tickets, Listing Service, Downloads, Ask ARIN ... neither I nor Firefox can find "suggestions" anywhere on that page. I could of course use the "Ask ARIN" link which brings up a reasonable-looking form to send my suggestion in the form of a question, so I suppose that'll work. Now in case anyone is still reading this message, my point is _not_ "ARIN SUCKS!" My point is simply that saying, "All you have to do is ...." doesn't always cut it, and as I said (way, way) above there _is_ a line where it really is incumbent on the operator community to get involved in the process on your turf. Hopefully though you'll take this thread as feedback from the operator community that where you have (at least up until recently) believed that line to be is not appropriate, or even realistic. best regards, Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
On Jan 10, 2011, at 7:57 PM, Doug Barton wrote: On 01/09/2011 10:09, John Curran wrote:
Please suggest your preferred means of IRR authentication to the ARIN suggestion process:<https://www.arin.net/participate/acsp/index.html> ... Now it seems that you acknowledged that further on in this thread, but just for fun I decided to try your suggestions-suggestion. I went to the site, it requires a login.
Doug - Perhaps you saw the "ARIN Online" login on the left side and decided to create an account for registration services? The Suggestion Process page should have displayed for you without any login; it describes the suggestion process as follows: "Any person in the ARIN community is welcome to make a suggestion regarding an existing or potential ARIN service or practice. Such a suggestion will be sent to ARIN as described at Suggestion Submission <https://www.arin.net/app/suggestion/> page. " That Suggestion Submission form seems operational without any login as well (or at least works best I can recreate at this time using various browsers.)
Well, ok, I think having a method for "I don't want to track this I just want to throw it over the wall in case someone cares" might be valuable
That's the intent, and if it's not working that way, then it will be fixed. Can you double check that the suggestion process page displayed including the link to the simple suggestion form? Thanks! /John John Curran President and CEO ARIN
On Tue, 11 Jan 2011, John Curran wrote:
"Any person in the ARIN community is welcome to make a suggestion regarding an existing or potential ARIN service or practice. Such a suggestion will be sent to ARIN as described at Suggestion Submission <https://www.arin.net/app/suggestion/> page. "
I just used that to put in the suggestion that rr.arin.net be updated to support CRYPT-PW (DES and MD5) and PGP, along with reasoning for the suggestion. The page had a captcha on it. Immediately after submitting it, I got an email saying I had to hit a link to confirm the suggestion. Does ARIN get that much form submission spam on the suggestion form (with the captcha)? My suggestion ID is 2011.1...so I'm guessing this isn't a heavily used form :) ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On 01/10/2011 19:18, John Curran wrote:
On Jan 10, 2011, at 7:57 PM, Doug Barton wrote: On 01/09/2011 10:09, John Curran wrote:
Please suggest your preferred means of IRR authentication to the ARIN suggestion process:<https://www.arin.net/participate/acsp/index.html> ... Now it seems that you acknowledged that further on in this thread, but just for fun I decided to try your suggestions-suggestion. I went to the site, it requires a login.
Doug - Perhaps you saw the "ARIN Online" login on the left side and decided to create an account for registration services?
Wasn't a conscious decision, no. :) The page at the URL above looks like this for me: http://dougbarton.us/ARIN-Participation.png That's using firefox 3.6.13 on FreeBSD with a few addons, but nothing that should be affecting how the page renders. OTOH I do have the minimum font size cranked up globally. On (admittedly) cursory exam I didn't see a form to submit anything, so I gravitated to the rather large login widget under the assumption that it must be important because it's so big. :) Of course I wish now that I had spent a little more time searching for a suggestion link, but with the only prominently displayed suggestion-related item being the "ARIN Consultation and Suggestion Process" header, and no form below it, my eye went to the next biggest thing.
The Suggestion Process page should have displayed for you without any login; it describes the suggestion process as follows:
"Any person in the ARIN community is welcome to make a suggestion regarding an existing or potential ARIN service or practice. Such a suggestion will be sent to ARIN as described at Suggestion Submission<https://www.arin.net/app/suggestion/> page. "
Yes, when going to that page it's a lot more clear. I'm glad that it's my own incompetence that prevented me from effectively making a submission. Perhaps we're all better off as a result. :) Doug -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/
On Jan 11, 2011, at 1:45 AM, Doug Barton wrote:
On (admittedly) cursory exam I didn't see a form to submit anything, so I gravitated to the rather large login widget under the assumption that it must be important because it's so big. :) ...
Doug - It's perfectly understandable, and doesn't distract from your main point that the circumstances (ARIN effectively mandating MAIL-FROM for authentication) is patently unacceptable and shouldn't require any more effort than pointing such out in email. I did not perceive the situation initially, and hence sent Jeff Wheeler off to said suggestion form. As noted, we're now looking into how to fix the IRR authentication situation and will report back asap. /John John Curran President and CEO ARIN
On Jan 11, 2011 at 8:14AM, John Curran wrote:
It's perfectly understandable, and doesn't distract from your main point that the circumstances (ARIN effectively mandating MAIL-FROM for authentication) is patently unacceptable and shouldn't require any more effort than pointing such out in email. I did not perceive the situation initially, and hence sent Jeff Wheeler off to said suggestion form. As noted, we're now looking into how to fix the IRR authentication situation and will report back asap.
As you are checking out authentication, can you also check out the notify fields as well. I was informed in July 2010 that neither mnt-nfy nor notify fields were operational. I submitted suggestion 2011.2 requesting these be activated. Regards, Andrew Koch TDS Telecom - IP Network Operations andrew.koch@tdstelecom.com
On Jan 11, 2011, at 10:18 AM, Koch, Andrew wrote:
As you are checking out authentication, can you also check out the notify fields as well. I was informed in July 2010 that neither mnt-nfy nor notify fields were operational. I submitted suggestion 2011.2 requesting these be activated.
Will do - Thanks for the note. /John John Curran President and CEO ARIN
On Jan 11, 2011, at 9:14 AM, John Curran wrote:
As noted, we're now looking into how to fix the IRR authentication situation and will report back asap.
Based on the ARIN's IRR authentication thread a couple of weeks ago, there were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR system. ARIN has looked at the integration issues involved and has scheduled an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication as well as implementing notification support for both the mnt-nfy and notify fields by the end of August 2011. For further details, please look at: https://www.arin.net/participate/acsp/suggestions/2011-1.html https://www.arin.net/participate/acsp/suggestions/2011-2.html I'd like to thank everyone for bringing this situation to our attention, and will report back once this functionality is in place. Thanks! /John John Curran President and CEO ARIN
Based on the ARIN's IRR authentication thread a couple of weeks ago, there were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR system. ARIN has looked at the integration issues involved and has scheduled an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication as well as implementing notification support for both the mnt-nfy and notify fields by the end of August 2011.
way cool! thank you. randy
On Jan 28, 2011, at 4:09 AM, Randy Bush wrote:
Based on the ARIN's IRR authentication thread a couple of weeks ago, there were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR system. ARIN has looked at the integration issues involved and has scheduled an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication as well as implementing notification support for both the mnt-nfy and notify fields by the end of August 2011.
way cool! thank you.
No problem at all (and my apologies for not noticing this state of affairs sooner) /John
On Thu, Jan 27, 2011 at 10:00 PM, John Curran <jcurran@arin.net> wrote:
Based on the ARIN's IRR authentication thread a couple of weeks ago, there were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR system. ARIN has looked at the integration issues involved and has scheduled an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication as well as implementing notification support for both the mnt-nfy and notify fields by the end of August 2011.
I'm glad to see that a decision was made to improve the ARIN IRR, rather than stick to status-quo or abandon it. However, this response is essentially what most folks I spoke with off-list imagined: You have an immediate operational security problem which could cause service impact to ARIN members and others relying on the ARIN IRR database, and fixing it by allowing passwords or PGP to be used is not very hard. As I have stated on this list, I believe ARIN is not organizationally capable of handling operational issues. This should make everyone very worried about any ARIN involvement in RPKI, or anything else that could possibly have short-term operational impact on networks. Your plan to fix the very simple IRR problem within eight months is a very clear demonstration that I am correct. How did you arrive at the eight month time-frame to complete this project? Can you provide more detail on what CRYPT-PW hash algorithm(s) will be supported? Specifically, the traditional DES crypt(3) is functionally obsolete, and its entire key-space can be brute-forced within a few days on one modern desktop PC. Will you follow the practice established by several other IRR databases (including MERIT RADB) and avoid exposing the hashes by way of whois output and IRR database dumps? If PGP is causing your delay, why don't you address the urgent problem of supporting no authentication mechanism at all first, and allow CRYPT-PW (perhaps with a useful hash algorithm) and then spend the remaining 7.9 months on PGP? The plan and schedule you have announced is indefensible for an operational security issue. -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts
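Jeff Wheeler's points above (MAIL-FROM authenticates nothing, traditional DES crypt(3) hashes can be brute-forced, and hashes should not be exposed in whois output or database dumps) can be turned into a check run over a mntner object before it is accepted or published. The following is an added example, not code from the thread or from ARIN, RADB or any IRR software. It assumes RPSL syntax as in RFC 2622 (one "attribute: value" per line, continuation lines beginning with a space, tab or "+", and an update authenticated if it satisfies any one auth: attribute), recognises traditional DES crypt(3) output (13 characters from [./0-9A-Za-z]) and MD5-crypt output ("$1$" prefix) by shape, and uses a "# Filtered" marker of its own choosing for redaction. The sample object, its addresses, hashes and key ID are constructed.

```python
"""Audit the auth: methods of an RPSL mntner object and redact its hashes
before publication.

Added example; not code from the thread or from any registry. Assumes
RFC 2622 RPSL syntax and recognises hashes only by their textual shape.
"""
import re

# Constructed sample object; every name, address, hash and key ID is made up.
SAMPLE_MNTNER = """\
mntner:      MAINT-EXAMPLE
descr:       Example Networks
             (object constructed for this example)
admin-c:     EX123-ARIN
upd-to:      noc@example.net
mnt-nfy:     noc@example.net
auth:        MAIL-FROM .*@example\\.net
auth:        CRYPT-PW abJnggxhB/yWI
auth:        MD5-PW $1$saltsalt$8Ba2GnGHuyrMDAvb4S3x21
auth:        PGPKEY-0123ABCD
mnt-by:      MAINT-EXAMPLE
source:      ARIN
"""

DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")   # traditional crypt(3) output
HASHED_SCHEMES = ("CRYPT-PW", "MD5-PW")              # schemes whose value is a hash


def parse_rpsl(text):
    """Return the object as an ordered list of (attribute, value) pairs."""
    attrs = []
    for raw in text.splitlines():
        if not raw.strip() or raw[0] in "%#":
            continue  # blank line or server comment
        if raw[0] in " \t+" and attrs:
            cont = raw.lstrip(" \t+").strip()  # continuation of the previous value
            name, value = attrs[-1]
            attrs[-1] = (name, f"{value} {cont}")
            continue
        name, _, value = raw.partition(":")
        attrs.append((name.strip().lower(), value.strip()))
    return attrs


def classify_auth(value):
    """Map one auth: value to (scheme, verdict, reason).

    'broken'  = no real authentication; 'weak' = shared secret whose hash is
    crackable offline once exposed; 'strong' = signature over the update."""
    scheme, _, rest = value.strip().partition(" ")
    scheme = scheme.upper()
    if scheme.startswith("PGPKEY-"):
        return scheme, "strong", "update must carry a valid PGP signature"
    if scheme == "MAIL-FROM":
        return scheme, "broken", "checks only the forgeable From: header"
    if scheme == "CRYPT-PW":
        if DES_CRYPT_RE.match(rest):
            return scheme, "weak", "traditional DES crypt(3): 8-character limit, brute-forceable"
        return scheme, "unknown", "CRYPT-PW with an unrecognised hash format"
    if scheme == "MD5-PW":
        if rest.startswith("$1$"):
            return scheme, "weak", "MD5-crypt: fast to attack offline once the hash is published"
        return scheme, "unknown", "MD5-PW with an unrecognised hash format"
    if scheme in ("NONE", ""):
        return "NONE", "broken", "no authentication at all"
    return scheme, "unknown", "unrecognised scheme"


def audit_mntner(text):
    """Report per-auth verdicts, the weakest accepted method, and missing notify fields."""
    attrs = parse_rpsl(text)
    report = {"auth": [], "missing": []}
    for name, value in attrs:
        if name == "auth":
            scheme, verdict, reason = classify_auth(value)
            report["auth"].append({"scheme": scheme, "verdict": verdict, "reason": reason})
    present = {name for name, _ in attrs}
    for required in ("mnt-nfy", "upd-to"):  # who hears of changes and of failed attempts
        if required not in present:
            report["missing"].append(required)
    # Any single matching auth: line authenticates an update, so the object is
    # only as strong as its weakest method.
    verdicts = [a["verdict"] for a in report["auth"]]
    order = ("broken", "weak", "unknown", "strong")
    report["weakest"] = next((v for v in order if v in verdicts), "broken")
    return report


def redact_for_publication(text):
    """Re-serialise the object with password hashes replaced, so whois output
    and database dumps do not hand out offline cracking material."""
    lines = []
    for name, value in parse_rpsl(text):
        if name == "auth":
            scheme = value.split(" ", 1)[0].upper()
            if scheme in HASHED_SCHEMES:
                value = f"{scheme} # Filtered"
        lines.append(f"{name + ':':<13}{value}")
    return "\n".join(lines)


if __name__ == "__main__":
    rep = audit_mntner(SAMPLE_MNTNER)
    for a in rep["auth"]:
        print(f"{a['verdict']:8} {a['scheme']:16} {a['reason']}")
    print("weakest accepted method:", rep["weakest"])
    print(redact_for_publication(SAMPLE_MNTNER))
```

Run against the constructed object, the audit flags MAIL-FROM as broken and both hashed methods as weak, so the object's effective strength is "broken" regardless of the PGP key also listed; the redacted form keeps the scheme names (so a user can see which methods apply) but drops the hash strings.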
On Jan 29, 2011, at 10:50 PM, Jeff Wheeler wrote:
On Thu, Jan 27, 2011 at 10:00 PM, John Curran <jcurran@arin.net> wrote:
Based on the ARIN's IRR authentication thread a couple of weeks ago, there were suggestions placed into ARIN's ACSP process for changes to ARIN's IRR system. ARIN has looked at the integration issues involved and has scheduled an upgrade to the IRR system that will accept PGP and CRYPT-PW authentication as well as implementing notification support for both the mnt-nfy and notify fields by the end of August 2011.
I'm glad to see that a decision was made to improve the ARIN IRR, rather than stick to status-quo or abandon it.
Good to hear.
However, this response is essentially what most folks I spoke with off-list imagined: You have an immediate operational security problem which could cause service impact to ARIN members and others relying on the ARIN IRR database, and fixing it by allowing passwords or PGP to be used is not very hard.
I appreciate your estimate of the effort required to address this problem, but we're not doing this as a completely separate system but with the intention of having some level of integration with our existing ARIN Online system in the future. While this may take more effort, and was not in our original 2011 budget, we have been able to add it to plan with development to begin later in the year.
As I have stated on this list, I believe ARIN is not organizationally capable of handling operational issues.
You've asserted this belief in prior messages (as well as noting that "No one is forced to use ARIN IRR"). If the IRR does not meet your needs during this period, I would recommend using one of the many alternative routing registries available. In any case, I'd like to thank you again for raising the concern about lack of IRR authentication, as it was instrumental in bringing this matter to resolution. Thanks! /John John Curran President and CEO ARIN
Date: Sat, 08 Jan 2011 18:08:12 +0900 From: Randy Bush <randy@psg.com> Subject: Re: AltDB?
aha! there we go. the old ietf attitude. you come to the mountain.
well, i'll tell you what i told the ietf. the high and mighty mountain can bite my ass.
Let me see if I've got this right -- you think ARIN should change their policies, but _you_ are not willing to put in any personal effort to make it happen, right? Can you think of any good reason why _any_ organization should care about the opinions of someone with that attitude?
Let me see if I've got this right -- you think ARIN should change their policies, but _you_ are not willing to put in any personal effort to make it happen, right?
i not put in personal effort? you're kidding or really new here, right? one underlying problem with the RIRs, ICANN, ... is that once we form these organizations, they start thinking like organizations, protect themselves, look to budgets, look to liability, .... welcome to real life. but these realistic organizational things sometimes actually have conflict with the original goals. randy
Date: Sun, 09 Jan 2011 06:25:33 +0900 From: Randy Bush <randy@psg.com> Cc: nanog@nanog.org Subject: Re: AltDB?
Let me see if I've got this right -- you think ARIN should change their policies, but _you_ are not willing to put in any personal effort to make it happen, right?
i not put in personal effort? you're kidding or really new here, right?
I used future tense, not past. Taking your prior language at face value, which you elided, it appears that you have no intent of any future participation in ARIN processes. Your subsequently revealed story regarding your thwarted attempt at a _requested_ run for a BoT seat provides some understanding of a 'why' for that attitude. I'll simply note that _if_ you do cease future participation in =their= process, you _have_ 'let the bastards win'.
Taking your prior language at face value, which you elided, it appears that you have no intent of any future participation in ARIN processes.
i am doing so right here and now. you just don't like my choice of forum and probably my message. tough patooties. randy
On Jan 8, 2011, at 7:08 PM, Randy Bush wrote:
Taking your prior language at face value, which you elided, it appears that you have no intent of any future participation in ARIN processes.
i am doing so right here and now. you just don't like my choice of forum and probably my message. tough patooties.
randy
Throwing rocks at a process in another organizations forum is not participating in the process any more than standing before the Syrian Government and criticizing the US congress would be participating in US politics. Owen
On Jan 8, 2011, at 7:39 AM, Robert Bonomi wrote:
Let me see if I've got this right -- you think ARIN should change their policies,
Not policies. Operations. Or rather, how ARIN communicates and obtains buy-in from the operational community regarding operations that affect that community.
but _you_ are not willing to put in any personal effort to make it happen, right?
Not to speak for Randy, but I believe he is suggesting the onus is on ARIN to engage the community their activities impact, rather than the community engaging ARIN.
Can you think of any good reason why _any_ organization should care about the opinions of someone with that attitude?
Liability? Folks don't have an option regarding where they get some of the services. An (imperfect) analogy: in the SF bay area, the monopoly provider of pipeline natural gas, PG&E, appears to have made the operational decision to cut costs in inspecting high risk gas lines and not upgrade those pipelines (despite receiving permission from the CA PUC to bill ratepayers for the upgrade). Pragmatically speaking, the vast majority of folks affected by the operation of those pipelines most likely had no interest in making a personal effort to ensure PG&E does what they say they'll do. In Sept 2009, one of those high risk pipelines exploded. I imagine PG&E now cares a great deal about the folks who were affected as you can probably already hear the class action lawsuit lawyers revving their engines. Regards, -drc
Paul, On Jan 7, 2011, at 10:24 PM, Paul Vixie wrote:
the price of changing what ARIN does is, at a minimum: participation.
Another view is that ARIN's whole and sole reason for being is to provide services to the network operators in the ARIN region. As such, it would be ill-advised for ARIN to change those services without consulting the community that ARIN serves and getting their buy-in. Hopefully, there's a middle ground.
i hear in what you're saying a desire to have a way to impact ARIN's behaviour outside of NRPM edits and perhaps ARIN does need to address this with some new online forum for things which aren't allocation policy but which should still be decided using community input.
Yep. Not sure it should be an ARIN-operated thing (nor am I sure that it shouldn't be), but something a bit more focused on the operation of services ARIN provides than ppml might be helpful. Regards, -drc
From: David Conrad <drc@virtualized.org> Date: Fri, 7 Jan 2011 23:11:32 -1000
On Jan 7, 2011, at 10:24 PM, Paul Vixie wrote:
the price of changing what ARIN does is, at a minimum: participation.
Another view is that ARIN's whole and sole reason for being is to provide services to the network operators in the ARIN region.
yes.
As such, it would be ill-advised for ARIN to change those services without consulting the community that ARIN serves and getting their buy-in.
that's very much what i mean by participation. arin could never exist without a community to serve. if there are better ways to serve the community or better ways for the community to participate in steering arin's services, then i'm very interested in discovering them.
Hopefully, there's a middle ground.
this *is* the middle ground. we're beyond the span of decades when a couple of smart engineers could bang out a working solution that the rest of the community would just adopt out of opportunity and inertia. and let's not just blame-the-lawyers for that. the stakeholders in the infrastructure of the information economy now number in the 'many' and their views and needs have to be represented in the decisions that get made by places like ICANN, IETF, the RIRs, and similar.
i hear in what you're saying a desire to have a way to impact ARIN's behaviour outside of NRPM edits and perhaps ARIN does need to address this with some new online forum for things which aren't allocation policy but which should still be decided using community input.
Yep. Not sure it should be an ARIN-operated thing (nor am I sure that it shouldn't be), but something a bit more focused on the operation of services ARIN provides than ppml might be helpful.
count me as 'intrigued' and expect me to be thinking more about this.
On Jan 8, 2011, at 4:11 AM, David Conrad wrote:
Another view is that ARIN's whole and sole reason for being is to provide services to the network operators in the ARIN region. As such, it would be ill-advised for ARIN to change those services without consulting the community that ARIN serves and getting their buy-in. Hopefully, there's a middle ground.
Agreed. Presently, we rely upon the ARIN consultation and suggestion process for getting tactical input on operational changes. We also recognize guidance from the IETF both via IAB communications and in the form of the BCP RFC series. Obviously, if there were a convenient way for the operator community to provide consensus guidance on Internet number resource operational matters, such input would be highly valued.
On Jan 7, 2011, at 10:24 PM, Paul Vixie wrote:
i hear in what you're saying a desire to have a way to impact ARIN's behaviour outside of NRPM edits and perhaps ARIN does need to address this with some new online forum for things which aren't allocation policy but which should still be decided using community input.
Yep. Not sure it should be an ARIN-operated thing (nor am I sure that it shouldn't be), but something a bit more focused on the operation of services ARIN provides than ppml might be helpful.
Excellent question. To the extent that it is best practices on these types of services, then that's relatively easy for ARIN to interface with... if it is specific direction to ARIN to "do xyz", then ultimately the decision rests with the ARIN Board regarding that input, since that involves how we spend the service fees of the members. On Jan 8, 2011, at 4:15 PM, David Conrad wrote:
While I think BCOPs (and BCOP BoFs) are a great idea, I guess the question is how can folks be assured that ARIN would follow a NANOG community-defined BCOP relating directly to ARIN operations. For example, if the NANOG community were to (reasonably) say "BCOP is to use IETF-defined standards for publishing and accessing resource registration data", I'd imagine ARIN might (reasonably) disagree and continue down the RWS path.
If the process for forming such recommendations were fair & open to the same community, the resulting documents would be quite compelling. While that does not assure ARIN would follow them, this community has never been shy about providing feedback when the right things aren't happening... (and I'd note that a community which is capable of reaching consensus on such documents is equally capable of seating a Board amenable to such documents, if there ever were to be a problem in this area)
My impression is that the various WGs and SIGs in the other RIRs perform something similar to that function. There doesn't appear to be anything similar in the ARIN region.
The role is served by the ARIN Board, which is member-elected and composed of volunteers (and myself as CEO). If folks think that a more formal structure for operational input (either within ARIN or via liaison to another body) is called for, I'd suggest continued discussion on the various mailing lists. Interesting discussion... thanks for raising it. /John John Curran President and CEO ARIN
On 1/9/2011 5:27 PM, John Curran wrote:
Excellent question. To the extent that it is best practices on these types of services, then that's relatively easy for ARIN to interface with... if it is specific direction to ARIN to "do xyz", then ultimately the decision rests with the ARIN Board regarding that input, since that involves how we spend the service fees of the members.
Which ARIN membership does have some resources on, though I do believe they could be improved, as most membership input deals more with the NRPM and not with auxiliary services.
The role is served by the ARIN Board, which is member-elected and composed of volunteers (and myself as CEO). If folks think that a more formal structure for operational input (either within ARIN or via liaison to another body) is called for, I'd suggest continued discussion on the various mailing lists.
It's always a stickler, too. PPML works well for NRPM, but ARIN doesn't have enough auxiliary services to warrant a mailing list dealing with them. It becomes more of a suggestion, proposal, feedback, implementation, more feedback process. ARIN is generally good at notification of implementation concerning new services, though it would be nice if they had better channels for feedback through the entire process of new services so that they could be closer in sync with the membership. I don't believe services should reach the PDP level, but better communication wouldn't hurt, especially with members who generally don't know how or realize they can participate. It's just my personal opinion as a member. ARIN always has communication with other organizations and even nanog. They've always been polite in accepting input from others (even if they don't implement every suggestion, they'll be much nicer than some IETF people). :) Jack
On Jan 10, 2011, at 7:25 AM, Jack Bates wrote:
On 1/9/2011 5:27 PM, John Curran wrote:
Excellent question. To the extent that it is best practices on these types of services, then that's relatively easy for ARIN to interface with... if it is specific direction to ARIN to "do xyz", then ultimately the decision rests with the ARIN Board regarding that input, since that involves how we spend the service fees of the members.
Which ARIN membership does have some resources on, though I do believe they could be improved, as most membership input deals more with the NRPM and not with auxiliary services.
Members may bring any topic of interest to arin-discuss. The fact that there is more traffic on ppml dealing with the NRPM than there is on arin-discuss dealing with other issues is a matter of where the members choose to focus their attention more than anything else.
The role is served by the ARIN Board, which is member-elected and composed of volunteers (and myself as CEO). If folks think that a more formal structure for operational input (either within ARIN or via liaison to another body) is called for, I'd suggest continued discussion on the various mailing lists.
It's always a stickler, too. PPML works well for NRPM, but ARIN doesn't have enough auxiliary services to warrant a mailing list dealing with them. It becomes more of a suggestion, proposal, feedback, implementation, more feedback process. ARIN is generally good at notification of implementation concerning new services, though it would be nice if they had better channels for feedback through the entire process of new services so that they could be closer in sync with the membership. I don't believe services should reach the PDP level, but better communication wouldn't hurt, especially with members who generally don't know how or realize they can participate.
PPML is a forum for the community (not just ARIN members, the entire community). There is a separate mailing list... arin-discuss which is for members of ARIN to discuss any ARIN-related topic of interest to the membership. They can and sometimes do discuss operational matters there. Additionally, there is the ACSP which allows members or the community to send comments and suggestions to ARIN regarding anything, including operations, etc. The ACSP provides a process for community review of the suggestions and semi-formal comment processes as well. Everything you are asking for in your last paragraph is available. Perhaps what is needed is better education of the membership and community on what tools are available and how to use them. Were you familiar with arin-discuss prior to this message? If so, in what way does it not meet the need you are describing? I'm not trying to pick on you Jack. I'm really trying to identify if what we have here is an issue of needing better tools, or, if all we need is better education and utilization of the tools that are already in place, or, some combination of both. Thanks, Owen
On 1/10/2011 5:13 PM, Owen DeLong wrote:
Members may bring any topic of interest to arin-discuss. The fact that there is more traffic on ppml dealing with the NRPM than there is on arin-discuss dealing with other issues is a matter of where the members choose to focus their attention more than anything else.
Would that be the list I've tried to subscribe to multiple times, get an autoresponder that it has to be approved, and then never hear a word?
PPML is a forum for the community (not just ARIN members, the entire community).
Good to know. I was under the impression that it was member only.
There is a separate mailing list... arin-discuss which is for members of ARIN to discuss any ARIN-related topic of interest to the membership. They can and sometimes do discuss operational matters there.
Except it's listed as no input from ARIN itself?
Everything you are asking for in your last paragraph is available. Perhaps what is needed is better education of the membership and community on what tools are available and how to use them. Were you familiar with arin-discuss prior to this message? If so, in what way does it not meet the need you are describing?
I can't get subscribed, so, :P I also haven't seen on the website pointers for where different tools and resources fall into for community review, comment, suggestion, etc. Perhaps it's just my website navigation skills. However, as I said previously, I have no serious complaints. It's not like the AC and CEO aren't publicly visible and vocal. Jack
PPML is a forum for the community (not just ARIN members, the entire community).
Good to know. I was under the impression that it was member only.
Nope... Anyone interested can subscribe to PPML.
There is a separate mailing list... arin-discuss which is for members of ARIN to discuss any ARIN-related topic of interest to the membership. They can and sometimes do discuss operational matters there.
Except it's listed as no input from ARIN itself?
ARIN does occasionally send informational postings to arin-discuss, but, you are correct that ARIN staff does not engage in the discussions on that list. Perhaps a mechanism for ARIN participation would be a good improvement in this area.
Everything you are asking for in your last paragraph is available. Perhaps what is needed is better education of the membership and community on what tools are available and how to use them. Were you familiar with arin-discuss prior to this message? If so, in what way does it not meet the need you are describing?
I can't get subscribed, so, :P
I'll try to address this issue with you off-list.
I also haven't seen on the website pointers for where different tools and resources fall into for community review, comment, suggestion, etc. Perhaps it's just my website navigation skills. However, as I said previously, I have no serious complaints. It's not like the AC and CEO aren't publicly visible and vocal.
Thanks... We try to be accessible to the community for just this reason. I think the website doesn't particularly point to those things, but, there pretty much are only three directions to go and the web site does provide a description of each one... PPML for discussion of number resource policies and related matters. ACSP for suggestions and consultations of the community on non-policy matters. arin-discuss mailing list for discussion with other members about any topic of interest to the ARIN membership, potentially including demand/desire for tools, operational practices of ARIN, fees, etc. Does that help? Owen
Owen, On Jan 10, 2011, at 3:13 PM, Owen DeLong wrote:
Members may bring any topic of interest to arin-discuss.
Just to be clear, arin-discuss is limited to ARIN members?
They can and sometimes do discuss operational matters there.
Operational matters that impact more than members?
The ACSP provides a process for community review of the suggestions and semi-formal comment processes as well.
Which community? Regards, -drc
On Jan 10, 2011, at 8:52 PM, David Conrad wrote:
Owen,
On Jan 10, 2011, at 3:13 PM, Owen DeLong wrote:
Members may bring any topic of interest to arin-discuss.
Just to be clear, arin-discuss is limited to ARIN members?
To the best of my knowledge, yes.
They can and sometimes do discuss operational matters there.
Operational matters that impact more than members?
Operational matters as in ARIN operations. While operations ARIN does such as rDNS, whois, etc. may impact those outside of ARIN membership, ARIN members are (generally) the ones paying for those operations. If you want a say in changing those operations (and thus changing what it costs to perform them), you can become a member of ARIN for a mere $500/year, or, you can use the ACSP which is the process for submitting non-policy matters to ARIN which are then brought before the community on PPML in a non-policy context.
The ACSP provides a process for community review of the suggestions and semi-formal comment processes as well.
Which community?
The community on PPML. Owen
participants (15):
- Christopher Morrow
- David Conrad
- Doug Barton
- Jack Bates
- Jeff Wheeler
- John Curran
- Jon Lewis
- Koch, Andrew
- Lee Howard
- Mans Nilsson
- Owen DeLong
- Paul Vixie
- Randy Bush
- Robert Bonomi
- Simon Leinen