North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Security and PKI Hierarchies

  • From: Michael.Dillon
  • Date: Mon Nov 28 11:19:53 2005

> The/One difficulty is that signing up for this new service,
> for at least one registry, requires that you sign up for the
> same membership relationship as the non-legacy-holders.  That
> means you submit to the registry authority over the address
> you were allocated for "free", and obligates you to paying the
> fee thereafter. 

The fees are not charged for past services that were
received for free, only for future services. I see 
nothing wrong here. The RIR is offering these organizations
the same services at the same terms as everyone else.
This closely corresponds to the term "fair" in an
economic market context.

> And therefore risking having the address
> reclaimed if membership rules are not met.

If membership rules were hard to meet, then the existing
RIR members would be changing those rules. The RIRs are
membership organizations that respond to the desires of
their membership. I don't know of any reason why a 
reasonable network operator would risk having their
address reclaimed. Essentially, the RIRs give addresses
to those who need them and use them. If a member needs
and uses an address range, then the RIRs are not 
going to reclaim it.

> The question is whether the cert signing service is valuable enough
> to warrant the change in risk.  If the cert signing service is
> put into use widely enough, then I hope people would see that as
> a value and buy in.

I hope so to. I think that the RIRs are in an ideal position
to offer certificate services and that as membership organizations
they are also a form of "web of trust" except that the trust is
not entirely transmitted in the form of encrypted codes.

I also think that the IN-ADDR.ARPA and IP6.ARPA services operated
by the RIRs are valuable and worthwhile to us all. 

And I would like to see the RIRs offer services like Cymru
and routing registries on a more coordinated and *OFFICIAL*
basis. In fact, a recent query on the list pointed to an opportunity
to offer a registry of "intended use ASNs" where the holder of
an IP address range could indicate the ASNs in which they intend
to have their address range announced.

--Michael Dillon