Re: ARIN's RPKI Relying agreement

2014-12-16 Thread John Curran
> On Dec 16, 2014, at 2:19 PM, Christopher Morrow > wrote: > > zombie-thread! > >> On Thu, Dec 4, 2014 at 12:39 PM, John Curran wrote: >> t (i.e. exactly the opposite of your “my routing decisions are affected >> and breakage happens” statement in your prior email.) > > the discussion in the

Re: ARIN's RPKI Relying agreement

2014-12-16 Thread Christopher Morrow
zombie-thread! On Thu, Dec 4, 2014 at 12:39 PM, John Curran wrote: > t (i.e. exactly the opposite of your “my routing decisions are affected > and breakage happens” statement in your prior email.) the discussion in the thread was interesting, sometimes a bit more personal than was required and a

Re: ARIN's RPKI Relying agreement

2014-12-06 Thread John Curran
On Dec 6, 2014, at 3:27 AM, Alex Band wrote: > > If ARIN (or any other RIR) went offline or signed broken data, all signed > prefixes that previously had the RPKI status "Valid", would fall back to the > state "Unknown", as if they were never signed in the first place. The state > would NO

Re: ARIN's RPKI Relying agreement

2014-12-06 Thread Alex Band
> On 5 Dec 2014, at 18:00, Nick Hilliard wrote: > > On 05/12/2014 11:47, Randy Bush wrote: and the difference is? >>> rpki might work at scale. >> >> ohhh noo! > > So if e.g. ARIN went offline or signed some broken > data which caused Joe's Basement ISP in Lawyerville to go offlin

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Randy Bush
>>> rpki might work at scale. >> ohhh noo! > > rtconfig + prefix lists were never going to work at scale, so rpsl based > filters were mostly only ever deployed on asn edges rather than dfz core > inter-as bgp sessions. This meant that the damage that a bad update might > cause would be r

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Nick Hilliard
On 05/12/2014 11:47, Randy Bush wrote: >>> and the difference is? >> rpki might work at scale. > > ohhh noo! rtconfig + prefix lists were never going to work at scale, so rpsl based filters were mostly only ever deployed on asn edges rather than dfz core inter-as bgp sessions. This meant

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread John Curran
On Dec 5, 2014, at 6:38 AM, Randy Bush wrote: > > i run rtconfig to take irr data and auto-install the filter in my router > > i run rpki-rtr to take rpki data and auto-install the filter in my router > > and the difference is? Not much - that's very likely why RIPE's IRR terms and conditions re

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Randy Bush
>> fwiw, we had a script set running which took a route views dump, >> created an ersatz roa set covering the whole table, and fetched it >> into a small router or two. > > which implementation? dragon labs randy

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Matthias Waehlisch
On Fri, 5 Dec 2014, Randy Bush wrote: > >> and the difference is? > > rpki might work at scale. > > ohhh noo! > > fwiw, we had a script set running which took a route views dump, > created an ersatz roa set covering the whole table, and fetched it > into a small router or two. > whi

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Randy Bush
>> and the difference is? > rpki might work at scale. ohhh noo! fwiw, we had a script set running which took a route views dump, created an ersatz roa set covering the whole table, and fetched it into a small router or two. it got boring, so i am not sure it's still there. if you want,

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Nick Hilliard
On 05/12/2014 11:38, Randy Bush wrote: > and the difference is? rpki might work at scale. Nick

Re: ARIN's RPKI Relying agreement

2014-12-05 Thread Randy Bush
i run rtconfig to take irr data and auto-install the filter in my router i run rpki-rtr to take rpki data and auto-install the filter in my router and the difference is? you mean we made the second easier and more automatable? well then run the rpki data into the handy dandy roa to irr filter and

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread John Curran
On Dec 4, 2014, at 2:19 PM, Sandra Murphy wrote: > ... > Which begs the question for me -- ARIN already operates services that > operators rely upon. Why are they different? Does ARIN run no risk of > litigation due to some perceived involvement of those services in someone's > operational ou

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread John Curran
On Dec 4, 2014, at 2:33 PM, Jared Mauch wrote: > > the fact it’s taken 3 months to reach the board is of concern to me for an > issue > that was raised (prior to the October meeting) by operators, and where you > were an active part of the discussion afterwards in the back of the plenary > room.

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Jared Mauch
> On Dec 4, 2014, at 2:41 PM, Bill Woodcock wrote: > > > On Dec 4, 2014, at 11:33 AM, Jared Mauch wrote: >> the fact it’s taken 3 months to reach the board is of concern > > Jared, ARIN is now nine years in to applying thrust to this pig. The board > does in fact revisit it with some freque

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Bill Woodcock
This pig is less aerodynamic, and fewer people are pushing. In-addr DNS and whois are simple and well-understood protocols, with many programmer-years of software development behind them. The problem isn't the marginal cost of a single transaction, that might only be one or two orders of mag

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread George, Wes
On 12/4/14, 2:19 PM, "Sandra Murphy" wrote: >Which begs the question for me -- ARIN already operates services that >operators rely upon. Why are they different? Does ARIN run no risk of >litigation due to some perceived involvement of those services in >someone's operational outage? WG] I'm h

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread George, Wes
On 12/4/14, 2:34 PM, "Andrew Gallo" wrote: >Am I correct in thinking that the SIDR work going on in the IETF takes the >registries out of the real-time processing of route >authentication/attestation? WG] no, but they're at least discussing ways of making the dependencies less fragile and more s

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Valdis . Kletnieks
On Thu, 04 Dec 2014 11:28:42 -0800, Bill Woodcock said: > > On Dec 4, 2014, at 11:21 AM, valdis.kletni...@vt.edu wrote: > > Orders of magnitude? Seriously? I can buy it costs 2x or 3x. > > But an additional 2 or 3 zeros on the price? > Yep, that's why all this is at issue. If it were cheap, and

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Bill Woodcock
On Dec 4, 2014, at 11:33 AM, Jared Mauch wrote: > the fact it’s taken 3 months to reach the board is of concern Jared, ARIN is now nine years in to applying thrust to this pig. The board does in fact revisit it with some frequency, since it’s expensive and the primary thing blocking other sof

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread George, Wes
On 12/4/14, 1:34 PM, "Bill Woodcock" wrote: >I’ve asked a lot of people, “Would you be willing to pay ARIN for RPKI >services,” and the answer has always been “no.” Until I get a “yes,” >it’s hard to put a number (other than zero) on how the market values >RPKI. WG] well, if it wasn't clear fr

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Andrew Gallo
Am I correct in thinking that the SIDR work going on in the IETF takes the registries out of the real-time processing of route authentication/attestation? Is RPKI a stop-gap while we wait for full path validation? Should we be focusing our energies in that area? On Thu, Dec 4, 2014 at 2:19 PM, S

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Jared Mauch
> On Dec 4, 2014, at 2:19 PM, John Curran wrote: > > On Dec 4, 2014, at 1:19 PM, Jared Mauch wrote: >> >> I (similar to Rob) have my own concerns about RPKI but do feel that >> this is an ARIN specific construct/wall that has been raised without >> action yet from ARIN. > > Jared - > > P

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Bill Woodcock
> On Dec 4, 2014, at 11:21 AM, valdis.kletni...@vt.edu wrote: > > On Thu, 04 Dec 2014 11:17:34 -0800, Bill Woodcock said: >> the RPKI costs are many orders of magnitude higher > > Orders of magnitude? Seriously? I can buy it costs 2x or 3x. > But an additional 2 or 3 zeros on the price? Yep,

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Valdis . Kletnieks
On Thu, 04 Dec 2014 11:17:34 -0800, Bill Woodcock said: > the RPKI costs are many orders of magnitude higher Orders of magnitude? Seriously? I can buy it costs 2x or 3x. But an additional 2 or 3 zeros on the price?

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread John Curran
On Dec 4, 2014, at 1:19 PM, Jared Mauch wrote: > > I (similar to Rob) have my own concerns about RPKI but do feel that > this is an ARIN specific construct/wall that has been raised without > action yet from ARIN. Jared - Please be specific - are you referring to the indemnification claus

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Sandra Murphy
On Dec 4, 2014, at 12:39 PM, John Curran wrote: > On Dec 4, 2014, at 11:35 AM, Christopher Morrow > wrote: > > Note that the claims that could ensue from an operator failing to follow best > practices > and then third-parties suffering a major operational outage is likely to be > large

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Bill Woodcock
> On Dec 4, 2014, at 11:11 AM, Robert Seastrom wrote: > I suspect you would get a similar answer if you asked people "Would you be > willing to pay ARIN for whois services" or "would you be willing to pay ARIN > for in-addr.arpa services”. Actually, since those are relatively inexpensive, I su

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Robert Seastrom
On Dec 4, 2014, at 1:34 PM, Bill Woodcock wrote: > >> On Dec 4, 2014, at 10:17 AM, George, Wes wrote: >> WG] Has there been any actual discussion about how much "nobody" would >> have to pay for ARIN (or another party) to fix the balance of liability >> and provide a proper SLA that led to "no

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread George, Wes
On 12/4/14, 1:13 PM, "John Curran" wrote: >>>I am happy to champion the change that you seek (i.e. will get it >>>reviewed >>> by legal and brought before the ARIN Board) but still need clarity on >>>what >>> change you wish to occur - >>> >>>A) Implicit binding to the indemnification/warran

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Bill Woodcock
> On Dec 4, 2014, at 10:17 AM, George, Wes wrote: > WG] Has there been any actual discussion about how much "nobody" would > have to pay for ARIN (or another party) to fix the balance of liability > and provide a proper SLA that led to "no, I don't want to pay for that" > responses from those who

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Alex Band
> On 4 Dec 2014, at 18:53, John Curran wrote: > > On Dec 4, 2014, at 12:32 PM, George, Wes wrote: >> Those are operational matters, implemented by the staff, governed by the >> board, who is informed by their legal counsel and staff. That is part of >> the reason why I brought some of the issue

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Jared Mauch
>> Comparing what you do with Time Warner cable seems like pure hyperbole and >> an attempt >> as CEO to inflame community discussion at minimum. > > Actually, it is to remind folks that such indemnification language is > sought by most ISPs, despite their services being used in a mission > crit

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread George, Wes
>>On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock wrote: > >> > All the specific legal feedback I’ve heard is that this is a >> > liability >> > nightmare, and that everyone wants ARIN to take on all the >> > liability, but >> > nobody wants to pay for it. WG] Has there been any actual discussion

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread John Curran
On Dec 4, 2014, at 1:01 PM, Jared Mauch wrote: >> I am happy to champion the change that you seek (i.e. will get it reviewed >> by legal and brought before the ARIN Board) but still need clarity on what >> change you wish to occur - >> >>A) Implicit binding to the indemnification/warrant di

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Rob Seastrom
Bill Woodcock writes: >> On Dec 4, 2014, at 7:35 AM, Andrew Gallo wrote: >> >> In my informal conversations, what I got was that lawyers read the >> agreement, said 'no, we won't sign it' and then dropped it. If >> specific legal feedback isn't making it back to ARIN, then we need >> to start p

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Jared Mauch
> On Dec 4, 2014, at 12:53 PM, John Curran wrote: > > On Dec 4, 2014, at 12:32 PM, George, Wes wrote: >> Those are operational matters, implemented by the staff, governed by the >> board, who is informed by their legal counsel and staff. That is part of >> the reason why I brought some of the i

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread John Curran
On Dec 4, 2014, at 12:32 PM, George, Wes wrote: > Those are operational matters, implemented by the staff, governed by the > board, who is informed by their legal counsel and staff. That is part of > the reason why I brought some of the issues to the NANOG community, since > interaction with ARIN

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread John Curran
On Dec 4, 2014, at 11:35 AM, Christopher Morrow wrote: > ... > Maybe it would be helpful for the ARIN Counsel to document in a more > public way (than the RPA) what the concerns are and how that > translates into 'different risk than the publication of whois data' ? This is apparently being discu

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread George, Wes
On 12/4/14, 10:35 AM, "Andrew Gallo" wrote: >Honestly, that's what I'm trying to figure out as well. In my informal >conversations, what I got was that lawyers read the agreement, said 'no, >we won't sign it' and then dropped it. If specific legal feedback isn't >making it back to ARIN, then we

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Carlos M. Martinez
Hello, On 12/4/2014 2:33 PM, Andrew Gallo wrote: > > On 12/4/2014 11:22 AM, William Herrin wrote: > Understood and good point. I've heard rumblings of setting up a > non-ARIN TAL, though I wonder what the value is in separating RPKI from > the registry. Wouldn't this put us in the same position

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Christopher Morrow
On Thu, Dec 4, 2014 at 11:22 AM, William Herrin wrote: > On Thu, Dec 4, 2014 at 10:51 AM, Bill Woodcock wrote: >> All the specific legal feedback I’ve heard is that this is a liability > nightmare, >> and that everyone wants ARIN to take on all the liability, but nobody >> wants to pay for it. A

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Andrew Gallo
On 12/4/2014 11:22 AM, William Herrin wrote: On Dec 4, 2014, at 7:35 AM, Andrew Gallo wrote: In my informal conversations, what I got was that lawyers read the agreement, said 'no, we won't sign it' and then dropped it. If specific legal feedback isn't making it back to ARIN, then we need to st

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Jay Ashworth
- Original Message - > From: "Ca By" > On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock wrote: > > All the specific legal feedback I’ve heard is that this is a > > liability > > nightmare, and that everyone wants ARIN to take on all the > > liability, but > > nobody wants to pay for it. Ar

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread William Herrin
>> On Dec 4, 2014, at 7:35 AM, Andrew Gallo wrote: >> In my informal conversations, what I got was that lawyers read >>the agreement, said 'no, we won't sign it' and then dropped it. If >>specific legal feedback isn't making it back to ARIN, then we >>need to start providing it, Hi Andrew, The s

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Ca By
On Thu, Dec 4, 2014 at 7:51 AM, Bill Woodcock wrote: > > > On Dec 4, 2014, at 7:35 AM, Andrew Gallo wrote: > > In my informal conversations, what I got was that lawyers read the > agreement, said 'no, we won't sign it' and then dropped it. If specific > legal feedback isn't making it back to ARI

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Ca By
few months, I've spoken with, or heard second hand, from a >>> number of organizations that will not or cannot sign ARIN's RPKI Relying >>> Agreement. >>> >> Do we have a handle on *why* organizations are having issues with the >> agreement? >> > > They want a pony.

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Bill Woodcock
> On Dec 4, 2014, at 7:35 AM, Andrew Gallo wrote: > In my informal conversations, what I got was that lawyers read the agreement, > said 'no, we won't sign it' and then dropped it. If specific legal feedback > isn't making it back to ARIN, then we need to start providing it, All the specific l

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Andrew Gallo
iding it, otherwise, the agreement will stand. On 12/4/2014 10:04 AM, valdis.kletni...@vt.edu wrote: On Thu, 04 Dec 2014 09:57:05 -0500, Andrew Gallo said: In the past few months, I've spoken with, or heard second hand, from a number of organizations that will not or cannot sign ARIN

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Christopher Morrow
nizations that will not or cannot sign ARIN's RPKI Relying >>> Agreement. >> >> Do we have a handle on *why* organizations are having issues with the >> agreement? > > wes outlined some of his reasons here: > https://www.nanog.org/sites/default/files/wednesday

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Christopher Morrow
On Thu, Dec 4, 2014 at 10:04 AM, wrote: > On Thu, 04 Dec 2014 09:57:05 -0500, Andrew Gallo said: > >> In the past few months, I've spoken with, or heard second hand, from a >> number of organizations that will not or cannot sign ARIN's RPKI Relying >> Agreemen

Re: ARIN's RPKI Relying agreement

2014-12-04 Thread Valdis . Kletnieks
On Thu, 04 Dec 2014 09:57:05 -0500, Andrew Gallo said: > In the past few months, I've spoken with, or heard second hand, from a > number of organizations that will not or cannot sign ARIN's RPKI Relying > Agreement. Do we have a handle on *why* organizations are having issues

ARIN's RPKI Relying agreement

2014-12-04 Thread Andrew Gallo
Greetings: In the past few months, I've spoken with, or heard second hand, from a number of organizations that will not or cannot sign ARIN's RPKI Relying Agreement. Acceptance of this agreement is required in order to gain access to ARIN's Trust Anchor Locator (TAL). Giv