I would certainly be interested in RPKI implementation, and a few questions come to mind.
First, I'm curious is it possible to use the ARIN hosted TA even though it's legacy space?
Also, I'm wondering how the ROA creation and signing process would be handled. It wont work to have the entirety of AMPRNet signed for AS7377 AMPRGW announcement, so we would have to come up with a way to create ROAs for the other networks authorized to announce smaller allocations.
Nate
Nate
On Sun, May 24, 2020 at 9:06 PM Bryan Fields via 44Net 44net@mailman.ampr.org wrote:
On 5/24/20 11:26 PM, Scott Nicholas via 44Net wrote:
I think we could run our own RPKI but the ARIN won't sign us. Therefore we would just have to publish our trust anchor for others to include in their validators if they must use it..
I would be interested in doing this. I had a pretty long talk about it at a hotel bar about this very thing last year. It wouldn't be that hard IMHO.
This does beg the question, is ARDC trustworthy/open enough to be the anchor of this?
-- Bryan Fields
727-409-1194 - Voice http://bryanfields.net
44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net