It's an interesting problem, what do other non ARIN members do for their
own legacy space for ROA's?
My guess is this is similar to the situation "alternative gTLD root"
servers found themselves in many years ago. I bet we could ask common RPKI
software to update their default list to include this "legacy" trust
anchor. Now would be the time, as the universe of RPKI software is small.
I'm happy to foot the bill for the Krill instance on DigitalOcean or the
likes, maybe Chris (VE7ALB) can provide some assistance?
--Matt
On Tue, May 26, 2020 at 2:03 PM Bryan Fields via 44Net <
44net(a)mailman.ampr.org> wrote:
On 5/25/20 1:29 PM, Quan Zhou via 44Net wrote:
It looks like ARIN supports delegation[0], the
model seems like what the
relationship between 44net and ARIN now?
If that works, maybe It's like this: ARIN delegates [44/9,
44.128.0.0/10] to AMPRNet/ARDC, and they run a subordinate CA to issue
RV records. Configure and keep running a compliant CA can be a real
challenging though.
ARDC is not an ARIN member, ARIN will not delegate to them. Full Stop.
If this is going to be a thing, it would have to be outside ARIN. I'd be
in-favor of assisting on this, but we'd need buy-in from the users of RPKI
to
recognize the amateur certs.
--
Bryan Fields
727-409-1194 - Voice
http://bryanfields.net
_________________________________________
44Net mailing list
44Net(a)mailman.ampr.org
https://mailman.ampr.org/mailman/listinfo/44net