Re: [sig-policy] Requests from routing/packeting concerns
On 17/02/2009, at 7:14 PM, Izumi Okutani wrote:
Hi Terry,
Resource Certificate may provide an answer to the first needs, but
may be more studies are required for proving it to non-tech
people.
My reading of this, and do correct me if I'm wrong, is the underlying
question of:
"What, if any, tools are available that allows my non-technical
people
to verify that a new/existing customer has this 'new' prefix for
which
they are asking me to route?"
yes?
Not quite. (but thanks for trying to clarify)
the idea is that a routing engineer might need to justify within their
organization (manager, account department, etc) that it is an
authentic
address worth spending the budget when they obtain a resource.
right so you want something that human/management consumable that says
Party A has the right to transfer prefix Z.
so it would help to have a tool/document published to do this. may
be a
resource cert would be good enough but a concern is that it may be too
digital/techy for others to understand.
Maybe you can request APNIC to add it to their never-ending list of
software development requests ;-) . I doubt that it would be rocket
science to take the output of 'openssl x509 -text', confirm that the
prefix fits within a few APNIC rules and provide a auto-generated
statement of authenticity under a https type service that you can then
print and hand to your business folk.
That was a comment from one of the ISPs here. I wonder how general
this
needs would be as the region?
Perhaps APNIC can poll the members/stakeholders if such a tool is
useful?
"cleaness" is interesting. I see the value in the immediately
previous
details, however due to the business climate and the way
organisations
are sold/bought/wound-up I suspect that the information used for
trouble
shooting, such as calling a 'long-ago' holder to get their upstream
to
change a filter, may not be all that useful due to ageing of details.
I see. i wondered about this after your comment and asked Tomoya
Yoshida
from OCN.
Apparently, sometimes the issue or the problem doesn't just lie in the
previous holder, but could go a few times back, e.g. to remove address
from black list.
Sorry, I fail to see how knowing who those people are actually
provides further benefit when you can (as Randy has pointed out) check
what the visibility of the prefix is like.
Another point that was mentioned that an operator wish to be aware of
the risks of "contaminated" space (black listed, etc) when obtaining
space and seeing past records help sometimes. you ofcourse have to do
more checks in addition.
Really, would that change the decision on acquiring the prefix in a
situation where v4 is exhausted and high demand exists? I would posit
that any company looking for IP addresses in a transfers world will
take what it can when it can. But I don't see harm in the request from
your community.
Terry