Those are fair points Sandy, I agree they need to be resolved.
It's just that RPKI feels like a _really heavy solution to _that problem. That said, if that problem were solved nearly all of what I care about with regard to routing security (and inter-domain anti-spoofing) could be addressed.
To what extent is the ROA growth rate in the RIPE region (on
page 5 of the NANOG slides) enabled by the IRR practices of
that region?
I do recognize that there are issues (as Wes nicely identified
in Baltimore and which we'll be working on) that get in the way
of RPKI deployment in the ARIN region, but those issues are not
present other non-RIPE regions - yet the number actual ROA's
issued still appears to be rather low...
To what extent is the ROA growth rate in the RIPE region (on page 5 of
the NANOG slides) enabled by the IRR practices of that region?
check out slide 3, lacnic has a 20% adoption rate. both ripe and lacnic
have put energy into their own systems, educating users, ... ripe's
curve would not seem to show correlation with recent liberalization of
policy, but i doubt it is wise to twy to squeeze cause out of curves.
I do recognize that there are issues (as Wes nicely identified in
Baltimore and which we'll be working on) that get in the way of RPKI
deployment in the ARIN region, but those issues are not present other
non-RIPE regions - yet the number actual ROA's issued still appears to
be rather low...
20% coverage in lacnic low? how do ipv6 and dnssec compare (which is
damned sad)? over 2,000 in ripe and over 8%? how does that compare to
ipv6?
arin, 388 and 0.7%, a joke. slide 5 "It’s What Happens When You Let
Lawyers and Wannabe Regulators Run the Internet"
i really loved the arin ac guy i met in baltimore who did not think
having arin meet at nanog was good because those operators just did not
get how to regulate the internet. you've been captured by the tea
party.
LACNIC numbers (as a percent) are quite good, but my question
was why only RIPE has the very impressive total count of ROAs.
You can clearly point to ARIN's legal treatment of the risks involved,
but that is not applicable in the APNIC case....
You don't feel there's any correlation between RIPE's IRR approach
and their RPKI success?
LACNIC numbers (as a percent) are quite good, but my question
was why only RIPE has the very impressive total count of ROAs.
< conjecture follows >
of course one can never know. but i conject
o the are the largest registry actively promotin registration
o the ncc, particularly alex, tim, oleg, ... have put significant
effort into making it very easy to register
o they have a culture of cooperation and doing things well
You can clearly point to ARIN's legal treatment of the risks involved,
but that is not applicable in the APNIC case....
it is hard to register in apnic, ask folk who have tried. the most
active folk are under NIRs, who are only now working on deployment.
apnic is not really promoting it.
You don't feel there's any correlation between RIPE's IRR approach and
their RPKI success?
that's the cooperative culture bit, actually interested in the net
running well.
LACNIC numbers (as a percent) are quite good, but my question
was why only RIPE has the very impressive total count of ROAs.
< conjecture follows >
of course one can never know. but i conject
o the are the largest registry actively promotin registration
o the ncc, particularly alex, tim, oleg, ... have put significant
effort into making it very easy to register
o they have a culture of cooperation and doing things well
Reasonable conjecture; implies that in this region we need to overcome
our interesting legal situation, make things easy to use, and then do
some significant promotion.
You can clearly point to ARIN's legal treatment of the risks involved,
but that is not applicable in the APNIC case....
it is hard to register in apnic, ask folk who have tried. the most
active folk are under NIRs, who are only now working on deployment.
apnic is not really promoting it.
Ah, good to know (and reinforces potential ARIN issues beyond legal
wrangling)
You don't feel there's any correlation between RIPE's IRR approach and
their RPKI success?
that's the cooperative culture bit, actually interested in the net
running well.
Presumably the NANOG community is also interested in keeping the net
running well, so if ARIN can provide some reasonably usable services,
that shouldn't be an issue.