On 20 Sep 2022, at 2:29 PM, Randy Bush <randy@psg.com<mailto:randy@psg.com>> wrote:
Does another barrier to entry make sense?
ROV's ROA creation is a barrier to entry in north america, as discussed
in another thread or see
https://scholarship.law.upenn.edu/faculty_scholarship/2035/ Randy -
I’d agreed in principle with the statement that "ROA creation is a barrier to entry in north america” –
as ARIN both started later with its RPKI service development and in some places has taken different
approaches due to liability concerns in the highly litigious US environment in which we operate.
Noting such, it is also worth pointing out that in the three years since publication of the You/Wishnick
(UPenn) report, ARIN has made several significant changes in order to make our RPKI services more
usable both by those issuing ROAs as well as relying parties (e.g., integrating the RPKI service into
ARIN Online, adding support for hybrid ROA distribution model, allowing parties that wish to redistribute
ARIN RPKI repository to do so under agreement, allowing RPKI validator packages to distribute ARIN’s
TAL and use simple click acceptance of the RPA, and most recently issuing an update to the ARIN
RSA/LRSA which strikes much of the language in section 7 that gave pause to some organizations
during their legal review. These changes occurred after discussions & feedback from this community,
including in 2019 inviting Professor Yoo present his findings during the ARIN 43 meeting –
<
https://www.arin.net/blog/2019/04/09/arin-43-day-2-daily-recap/>
ARIN still has quite a bit to go with RPKI: we’ve only recently been doing focused training on RPKI
deployment; our RPKI user interface has colorful artifacts due to the requirement that organizations
externally digitally sign their ROA requests, and we lack any interface support for cross RPKI, IRR
& routing state reconciliation. Addressing these items is now underway and should help growth of
RPKI in the region, but I note that it is not holding back some organizations – ARIN has already seen
significant RPKI growth in 2021 and 2022. Just this year (January through the end of August) we have
gone from 2,334 to 2,931 orgs deploying RPKI and published ROAs going from 41,648 to 55,418.
We have substantial IPv4 address space in the ARIN region and therefore quite a long way to go
before our ROA coverage as a percentage is comparable to other regions, but the surge in RPKI
deployment over the last two years already has the total of ARIN IPv4 space covered by ROAs
comparable to that of the RIPE region in absolute terms; see [1] below. I don’t dispute that “ROA
creation is a barrier to entry in north america” (and remains so until ARIN addresses some of the
remaining issues) but also believe that the characterization in the three year old report is not as
timely / valid as when first issued, as since that time there has been a noticeable surge in RPKI
deployment in the region.
Thanks!
/John
John Curran
President and CEO
American Registry for Internet Numbers
[1] <
https://certification-stats.ripe.net<
https://certification-stats.ripe.net/>>
[cid:0B31B960-BD1A-4907-97DC-DBBE2078304C]