
Re: apnic - second day better



At 07:30 PM 20/08/2003 -0700, Harald Tveit Alvestrand wrote:


--On 21. august 2003 10:56 +1000 Geoff Huston <gih@telstra.net> wrote:

  o proposal to regulate transfer of historical address space which
    would strongly encourage, but not mandate, the recipient be an
    apnic member, i.e. incur annual costs etc.  this is likely a
    trial balloon for a change which will be across all registries.
and impacts the possibility of the RIRs signing for
addressblock/AS-number linkages, which impacts the deployability of
S*BGP.

I read the "impact" as +ve. Do you have a different calibration?
+ve? sorry, not shared mathematical notation.
Apologies, I was too terse - I was attempting to understand whether your
comment regarding 'impact' was positive impact or negative impact.

If the RIRs manage to drive home the idea that you only have "legal" right to address space if you've got an ongoing relationship with an RIR, and that we (for some sense of "we") don't have to care about those with address space the RIRs have no idea who "owns", the idea of trusting the RIRs and only the RIRs to say "what address block belongs to which user" is more viable. If huge chunks of "important" address space aren't in the RIRs' lists of "authorized owners", one has to trust more sources of such info.

Unfortunately, as always, widening your sources of 'trust' can get to the point that you start
to trust simple assertions without regard to supportive authoritative (or trustable) sources of
information that can be used to validate assertions. At that point the efforts to secure
the routing system only secure the relayed transmission of information, but place no
comprehensive trust component on the information itself. This would devalue the end result
of a secure routing infrastructure significantly, in my view. So I would regard the effort to
find trustable authoritative 'anchor points' for such input information to a secure routing
infrastructure to be an essential component of the larger effort. Accordingly, it's my personal
view that attempting to fold in historically allocated records (where there is some
level of uncertainty over the current association between the identity of the address
holder and the address block) into a system where there is a well-defined mechanism for
maintaining such associations in a more robust fashion is a positive effort
rather than negative. If you have a different impression of the outcomes of such an
initiative in relation to the topic of integrity and security of the routing infrastructure
I'd of course be highly interested to learn of it and understand your perspective.

According to my limited understanding....
Equally in my case.

Regards,

  Geoff