Nick,

On Mon, Oct 15, 2012 at 05:11:33PM +0100, Nick Hilliard wrote:
thanks for your comments. Can you explain how this link doesn't exist if the sponsoring LIR has requested RPKI certification on behalf of the PI end user, and why this contractual link is invalid in this situation?
That is an argument against RPKI rather than one in favour of sponsoring-LIR registration, IMO. To wit, the imposition of a hierarchical structure on a non-hierarchical internet and the creation of "chains-of-responsibility" from thin air where none exist (and shouldn't exist). It would be better to have the end-user rpki-register their own resources with the RIR (who can easily verify their validity).

[disclosure of commercial relationships]
Much the same argument could be made about the requirement to register PA address space assignees in the RIPE DB. Yet we accept that this is a good thing.
Not all of these relationships are actually registered, viz DSL or wireless broadband dynamic ranges. The relationship of end-user and PA holder is far more obvious by its nature, so I'm not sure much is gained by trying to keep it secret. Even so, privacy issues *have* arisen out of this situation...

With PI it's not the same situation *at all*. PI space is provider-*independent* and thus may be one last way to prevent a LIR becoming collateral damage in an attack on the end-user (e.g. a politically controversial organisation).

rgds,
Sascha Luck