[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data

To: Randy Bush <randy@psg.com>
Subject: Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
From: Geoff Huston <gih@apnic.net>
Date: Wed, 13 Aug 2008 06:42:09 +1000
Cc: APNIC Policy SIG List <sig-policy@apnic.net>
Delivered-to: sig-policy@clove.apnic.net
In-reply-to: <48A1F2A4.2020003@psg.com>
List-archive: <http://mailman.apnic.net/mailing-lists/sig-policy>
List-help: <mailto:sig-policy-request@lists.apnic.net?subject=help>
List-id: APNIC SIG on resource management policy <sig-policy.lists.apnic.net>
List-post: <mailto:sig-policy@lists.apnic.net>
List-subscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=subscribe>
List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:sig-policy-request@lists.apnic.net?subject=unsubscribe>
References: <48A1F0E2.2000006@apnic.net> <48A1F2A4.2020003@psg.com>
User-agent: Thunderbird 2.0.0.16 (Macintosh/20080707)

Randy Bush wrote:

Firstly, the semantics of the two objects differ. A ROA is an
"authority" granted by a prefix holder that nominates an AS as a
potential originating AS. The key observation here is that the AS
holder is not necessarily aware of this ROA, or even necessarily aware
that such an authority has been granted or published, let alone be
prepared to announce the prefix as originating from this AS. The AS
holder cannot cause such an authority to be removed or revoked. In
contrast, a Route Object is a statement by an AS holder to the effect
that the AS is currently, or may in the future, announce a
particular prefix as originating from this AS.


this is completely false.  a route: object is a statement by the prefix
owner of what as may announce, just like a roa; surprise surprise.

both ripe and arin, who seem to understand the technology a bit better,
will be doing this.  as it only really needs to be done once for the
whole internet, if the secretariat wants to throw up chaff to not do
this, no problem.



I must apologize for not being sufficiently clear that this was a personal
contribution to the policy list, and not a comment from the APNIC Secretariat.

In the case that there is any lingering doubt, let me reiterate here as clearly
as I can that this was indeed a personal comment, and the use of the personal
pronoun in the comment was entirely literal.

 Geoff

References:
- [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
  - From: Geoff Huston <gih@apnic.net>
- Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
  - From: Randy Bush <randy@psg.com>

Prev by Date: Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
Next by Date: Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
Previous by thread: Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
Next by thread: Re: [sig-policy] Comments on prop-059-v001: Using the Resource Public Key Infrastructure to construct validated IRR data
Index(es):
- Date
- Thread