Kim, I don't know which is the right forum to "to explore the issue of IANA-issued ROAs". I suspect that it still falls in to the bucket that david described as "a form of politics"[1]. I suggest the RSSAC Caucus wouldn't it except to say that to-date I'm not aware that an IANA RPKI TA of any form has been created despite RFC6491 being in existence for over 12 years. [1] Modulo any changes in that environment that might have occurred recently. On the topic of making or establishing "golden" addresses for the root server system, I am quite uncomfortable wth that idea. On the face of it, I see that as a recognition that the method to update the hints files is glacial. More deeply I think it further promotes ossification in a system that should be more agile. Lastly I fear for a process concern should a root server operator be deemed as non-performing or unsuitable (whichever way the governance constructs decree) and is to be removed - but the RSO doesn't want to cooperate. Having that RSO in control of a set of "golden identifiers" means a smooth transition is unlikely to be achievable. I would think a smoother approach would be to change the hints file (yes, putting effort into making the hints file more agile across all DNS codebases) and the NS records in the root zone in participation with an incoming RSO. Cheers Terry
On 8 Oct 2024, at 1:01 AM, Kim Davies via rssac-caucus <rssac-caucus@icann.org> wrote:
Quoting Geoff Huston via rssac-caucus on Saturday October 05, 2024:
"since there isn´t an IANA RPKI TA"
I agree with you that these addresses are "special purpose" addresses and they should exist in the IANA Special Purpose Address Registries. But at that point why shouldn't IANA run its own RPKI TA and announce these and the other addresses that are listed in these registries? If the address is not globally routable it could issue a ROA with AS0. Otherwise it could announce ROAs with the relevant originating addresses.
In my view, if these are addresses in an IANA registry then the RPKI structure should accurately reflect that.
I wasn't a party to the discussions that lead to the current RPKI structure, but this question has come up recently in other contexts where issuing ROAs for IANA reserved address space has been an issue.
I am not sure the right forum to explore the issue of IANA-issued ROAs further, but I do wonder - under David's proposal - what would be the threshold for critical infrastructure that merits IANA reservation? Once you open the door here I have to assume there is a slippery slope of other things that warrant similar consideration.
kim _______________________________________________ rssac-caucus mailing list -- rssac-caucus@icann.org To unsubscribe send an email to rssac-caucus-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.