Chris,

On Thu, Mar 21, 2013 at 11:43 AM, Randy Bush <ra...@psg.com> wrote:
In our analysis we associate number of CAs in the global RPKI with
the number of distinct IP resource holders.
sure, and as a proxy for that 'AS Operator', it's not a 1:1
correlation to be sure but it should be reasonably close, no?
do we have anything other than conjecture on which to base estimations
of the numbers of CAs or repositories?
no, since there aren't any CA's in existence...
well, there are over 1,300 so far, but almost all are managed CAs.
  we have, or I have, a
model that says:
   "If you want to publish a ROA, you need to have a CA and you need to
run a publication point"
still true, even for managed CAs.
To me that means at the least every ASN will have a publication point
(and thus a roa and a CA).
it's a ROA, a manifest, a CRL, maybe a GB record, and a CA cert in the parent's pub point.

I jump to 'CA == REPO == AS-Operator == ASN allocated' because lacking
any direct data otherwise it seems like a good estimation of numbers.
great example of conjecture.  do you have any fact/measurement-based
idea of how many CAs or repositories there might be five or ten years
from now?  the only data i have is the small number of IRR repositories
and whois servers.  and i suspect/hope that is a poor estimator.
I really don't know how to estimate ASIDE from saying: "it seems
reasonable that the repo number will track with assigned ASN"
see my earlier comment re this possible equivalency.
I could be wrong, I could also be corrected if someone else has a
compelling story... I don't think it's harmful to say "tracks to ASN
numbers" though, if it's too large a number we can be surprised by
performance... if it's too small, we can also be surprised :)

but i very strongly doubt that any significant portion of the stub ASs,
84% of the ASs, will run CAs.
they may not.
they may use a hosted-model product.
but even in the "hosted model" each of these folks is represented by
a CA and a pub point. I think the only issue is whether each is a separate
repository.
I suspect that very soon after 'hosted model' comes into being in the
large, the operators of these systems will realize that if someone
dislikes one of their customers they can't survive as a business if
all other customers also disappear. They will be forced to run the
system with unique names/ips for each customer (names at a minimum so
they can shift problem children away).

So, in the above case... CA == ASN == REPO

I don't understand that last argument. Can you expand on it?

Thanks,

Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
