Hi Sandy

On Thu, Jun 18, 2009 at 12:05:20PM -0400, Sandy Murphy wrote:
> The presentation said that ARIN would be doing a lot of work to
> improve the IRR. The last I asked, the ARIN IRR did not support the
> RPSS (Routing Policy System Security - RFC2725). RIPE supports this,
> I know. Will the ARIN improvements include support for RPSS?

The current effort will only allow for ipv6 objects (route6/inet6num). Further enhancements to ARIN's IRR will be coupled together with improvements to ARIN Online that will be announced in the future.

> The presentation talked about the RPKI pilot, and Mark said that
> ARIN would be using the RIPE code. I believe RIPE has or had a couple
> different attempts at this, so I'm not sure what features the code
> you use will have. Will you have the ability to hand certs to ISPs
> so that they can do their own cert generation for the allocations
> they hand to their own customers? I.e., is ARIN going to run a
> service just for its members, or will it enable its members to
> participate in the RPKI themselves?

We are using the same code that RIPE is using at http://certtest.ripe.net. RIPE has been very kind to allow us to use their code.

As for ARIN, this is a pilot and is certainly not a final fixed-feature set. The first go of this is the "hosted" solution where an ISP can come into ARIN's pilot and create ROAs based off of allocations that they have received from ARIN. All the ROAs will be placed into a rsync repository that can be retrieved and validated.

Specifically, here are the features that are a part of the system:

* Enables ARIN resource holders to request certificates for their IPv4 and IPv6 Provider Aggregatable (PA) resources
* Enables ARIN resource holders to manage Route Origin Authorizations (ROAs) for their PA address space
* Provides a public repository of certificates and ROAs
* Handles key rollovers and revocations

Thanks,
Mark