On Nov 7, 2012, at 7:48 PM, Michael Sinatra wrote: > > In addition to Sandy's concerns, the agreement contains a third-party > indemnification clause (as do other ARIN RPKI-related agreements) that makes > it difficult for many state and federal government (and large EDUs) to simply > click through and sign. In most of these environments, the network engineers > who would be wanting to try out RPKI would not be permitted to agree to such > indemnification. This may also be true at large corporations.
> This, I think, has very little architectural impact, but it does mean > additional hoops for operators (like myself) to experiment with RPKI and/or > put it in production. As such, further discussion is probably out of scope > for SIDR, and I will take this to arin-discuss@ accordingly. But I did want > to give this group an FYI that this may be at least a speed-bump on the > deployment front. Thanks for the feedback and explanation Michael, I understand. Quite frankly, I share _ARIN's concern about the implications of this and their resulting exposures, and I appreciate their careful consideration of this issue. It's certainly on _my "Risks relating to our business" radar. I also appreciate Sandy's attempt to consider this in the context, i.e., "I think the wg needs to consider the potential impact and any potential mechanisms that would lessen impact." and I would add "and figure out what the real constraints are and iterate our problem space and design/solutions space to accommodate these concerns." Impacting state in routers through this machinery introduces new parties to the Internet routing system control plane, and ARIN clearly takes this seriously -- I'm glad. Introducing RPKI data directly into routers, which this WG is doing, will result in controls effectuated in the routing system. This has system-wide implications and will impact my network *whether I participate in that system or not*. This IS a fundamental architectural change to how things work today, and we all need to consider the implications very carefully. This fuels a great deal of my concern here, particularly when I don't see this solving some pretty fundamental issues, such as the Google incident today. -danny _______________________________________________ sidr mailing list sidr@ietf.org https://www.ietf.org/mailman/listinfo/sidr