Re: [sidr] On 0/0 at the 5 TAs - Some comments on the motivations

Daniel Shaw <daniel@afrinic.net> Mon, 12 September 2016 06:21 UTC

From: Daniel Shaw <daniel@afrinic.net>
Date: Mon, 12 Sep 2016 10:20:55 +0400
To: sidr wg list <sidr@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/I_3Yz1We77w5TpxAMWhe-dOGMfc>
Cc: Rob Austein <sra@hactrn.net>, Sandra Murphy <sandy@tislabs.com>

>>> I’ll let each RIR answer for themselves. In our case (LACNIC), we don’t support up/down. We’ve had a very rough implementation of a ‘parent’ CA for a while, but since there is essentially no demand for it from our members, the project always gets down-prioritized.
>>> 
> 
> For ARIN, we have code for both sides of the relationship tested against the Dragon software and some of the other RIRs. We allow for delegated CAs today in production, but the vast majority of network operators do not opt for it.
> 

Just a quick note on AFRINIC’s implementation: we do support up-down, and have previously also tested with a couple of other RIRs. Testing was some years ago now.


>>> In short: it’s not the availability of up-down that has stalled the GTA.
>> 
> 
> This is the salient point.

Yes.

- Daniel