In message <CAA=nHSJt9cjU2vt+Zb=n-=w1AHBqMH_4TZ=DuL5VpWZ8N3HTQg@mail.gmail.com> George Michaelson <ggm@apnic.net> wrote:
I think that it is wrong to exclude use of the RPKI signed assertion of authority over a resource to drive admission of foreign records.
I would hate to see... as the old saying goes... the perfect being the enemy of the good. I personally don't know a damn thing about RPKI, other than the fact that it involves some fancy schmancy crypto stuff, and crypto stuff can be made highly secure (which is quite obviously a Good Thing). However over on the anti-abuse mailing list there seems to be at least one fellow... a RIPE member... who seems to loath and despise RPKI. I don't know enough to understand the exact reasons for this. I don't know and I frankly don't care. I just worry that he may not be alone, and that the implication of that possibility is that RIPE will be unable to establish a consensus that RPKI should be required, universally, going forward. I fancy myself a pragmatist. I'll be happy with _any_ solution that works. As I just noted in my prior posting here, it seems to me that a simple e-mail confirmation process which involves the registrant of the IP block for which a new route object is being requested would solve the problem entirely, even while side-stepping the (perhaps politically contentious) issue/question of an enforced universal use of RPKI. If I'm wrong about that, please describe to me how. Regards, rfg