At Wed, 7 Sep 2016 10:42:10 -0400, Christopher Morrow wrote:
...
> I think it means that since there is no single root coming 'soon',

Because they have chosen to neither create one nor work out their
issues with the obvious external candidate.  Politics.

> the RIRs are taking a step to move forward with rpki despite the
> 'no single root' existing. Ideally they would have a method to keep
> from being out of sync in their processing of
> requests/changes. Ideally that process would be outlined in the
> document here so we'd be able to say: "Ok, as the rpki lives on, how
> does X and Y and Z get done? what happens at X step 3 when Carlos
> decides to take a very long lunch? how does the process move along?
> what checks/balances are there?"

So they're proposing a half-assed alternative instead of doing what
they should be doing and promised us they would be doing.  Politics.

> That's the part that you're referring to as KC's comment, I think?

No, KC's comment was the observation that this is a cost transfer and
a technically bad one: it's the RIRs pushing problems onto RPs instead
of solving those problems, and technically bad because the RPs have no
sane grounds for deciding which RIR to believe when RIRs disagree.

> I don't disagree that running a CA is 'simple'... I think though
> that if the RIRs are in a position where there won't be a single
> root above them 'for a while' (it's been ~10 yrs at this point)

They could have a single root next week if they wanted one badly
enough.  (Lack of) action speaks louder than words.  Politics.

Well, unless the current generation of RIR CA implementations don't
support the client side of the provisioning ("up-down") protocol,
which would be interesting in view of their long-standing promise to
move towards a single root.  I have no data on this other than that
it's been at least five years since the last time I participated in an
up-down interoperability test with RIR CA software in the client role;
I have no idea whether the RIRs have tested this since that time.

> but they feel they need to move forward with something, is this
> direction acceptable? is it better to document that decision and
> its gotchas than to not move forward at all? or to 'continue
> waiting for the single root' to arrive?

Each RIR separately claiming ownership of 0-4294967295,0.0.0.0/0,::0/0
is not progress towards anywhere we want to go.

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
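
An added example, not part of the original message or of any RIR's software: a simplified relying-party containment check showing why, when every trust anchor claims 0.0.0.0/0 and ::/0, conflicting ROAs from two trust anchors both pass and resource containment gives the RP nothing to choose between them. The TA names, prefixes, ASNs and the reduced model (IP prefixes only, no AS resources, no signatures) are assumptions made for illustration.

```python
import ipaddress

def covered(prefix, claimed):
    """Simplified RFC 3779 check: prefix lies inside a block the TA claims."""
    p = ipaddress.ip_network(prefix)
    for block in map(ipaddress.ip_network, claimed):
        # Compare versions first: subnet_of() raises TypeError on v4/v6 mixes.
        if p.version == block.version and p.subnet_of(block):
            return True
    return False

def accepted_origins(trust_anchors, roas, prefix):
    """Map origin ASN -> TAs whose ROA for `prefix` passes containment."""
    result = {}
    for ta, roa_prefix, asn in roas:
        if roa_prefix == prefix and covered(roa_prefix, trust_anchors[ta]):
            result.setdefault(asn, []).append(ta)
    return result

def disputed(trust_anchors, roas):
    """Prefixes where accepted ROAs name more than one origin ASN."""
    prefixes = sorted({p for _, p, _ in roas})
    return [p for p in prefixes
            if len(accepted_origins(trust_anchors, roas, p)) > 1]

# Constructed sample data: hypothetical TA names, documentation prefixes/ASNs.
EVERYTHING = ["0.0.0.0/0", "::/0"]
ALL_RESOURCE_TAS = {"TA-A": EVERYTHING, "TA-B": EVERYTHING}
SCOPED_TAS = {"TA-A": ["192.0.2.0/24", "2001:db8::/32"],
              "TA-B": ["198.51.100.0/24"]}
ROAS = [
    ("TA-A", "192.0.2.0/24", 64496),
    ("TA-B", "192.0.2.0/24", 64511),   # conflicting claim for the same prefix
    ("TA-B", "198.51.100.0/24", 64511),
]

if __name__ == "__main__":
    for label, tas in (("all-resource TAs", ALL_RESOURCE_TAS),
                       ("scoped TAs", SCOPED_TAS)):
        print(label, accepted_origins(tas, ROAS, "192.0.2.0/24"),
              disputed(tas, ROAS))
```

With the scoped trust anchors the second ROA fails containment and only one origin survives; with all-resource trust anchors both survive and the prefix shows up as disputed.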
