On Wed, May 04, 2011 at 09:58:18PM +0000, John Curran wrote:
... but apparently *would* be able to specify that no one may use RPKI even if that is someone else's particular preferred technology for securing their own stones? A statement that an RIR shall not support RPKI for the resources in its database is equivalent to deciding "no" on behalf those who want to make use of the optional service, correct?
1) If RPKI *is* universally used, there is no choice for those who do not wish the RIRs to be the final arbiters of their ability to speak on the internet. 2) If RPKI *is not* universally used, it doesn't increase security and is therefore a lot of administration effort to absolutely no purpose. 3) Self-signed certificates are most likely a strawman insofar as if an upstream/IXP demands the use of a RIR-signed certificate "for sound security reasons", your self-signed cert isn't worth the paper it's most likely not printed on. 4) What do the holders of legacy space who may not care to enter into a "contractual relationship" with a RIR do? rgds, Sascha