Re: [sidr] Current document status && directionz

Christopher Morrow <> Thu, 08 September 2016 18:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 64A8E12B0D9 for <>; Thu, 8 Sep 2016 11:39:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XRzlMaTNEfiL for <>; Thu, 8 Sep 2016 11:39:31 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2D47812B068 for <>; Thu, 8 Sep 2016 11:39:31 -0700 (PDT)
Received: by with SMTP id m184so52102540qkb.1 for <>; Thu, 08 Sep 2016 11:39:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=kFNYPfaRPjODuPu/RnZbHa3s8X1Uj42TTzRPU44IO4Q=; b=K1xVQAhP3om7ZtnRwDzwdW9aNmqvC6zL2+d1jCx6vAOlmNXO0895iudPRXpWKdhIz7 oC1Xql92xZTQjCcEdNyWfETE3FhX1dkVcqqDSHyul8oEJPaG7DxyxcARC8WGYjeiZ4+Q DaOty13Pch0G3DgUCBHDxVwWBRZUYGhynA3mdvuhKhIP8C212I1zNtlIaV5v2wOmyL3b 8J68crPXvUvb5nueiz+WZqkXAmRaMRKWaLIoPR7bEwMkuVSihvnkWEj/y7g5GE0QXeBD bEdZUZSrH75EIn+Nmw1xUyHDHhFVimFNpL5rkjzKRKjvlXlNhKOWzhXKikLCUsS3j6B7 yDTQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=kFNYPfaRPjODuPu/RnZbHa3s8X1Uj42TTzRPU44IO4Q=; b=YJMbR1yyeTfHCoFmc/+yTIISu3QjqZl0hWuN0jf37I3kh29Cu8UqpsPJ8E1T/DDkJy OS3G3GcXJj0N/FS0WL9rjirJG7SnZF1GUKJe3RIZGS+UwjC8S/yTDR8t+OJBLIplVKN/ tCEFXHUUF2lLEi3fA4TE1gDbytTIrsRzq2PlXdgeAwrj0YYtmVXsJLpw/6tG9BOQOeH4 6EGpxhkj1HIAcQcW6tUA8RMwuGvdYauSv2qHD7Vd1kyUC5CtT6E8p5J1ljkUpb3D7Rf/ KNrtx8pSdyKD0SfH9mHAks+kPyQsLEbElOeKIBGAqGkcmHyFGgBs2EKBruyjgVe/wZDQ LHig==
X-Gm-Message-State: AE9vXwPGpvDnkfyJpWIiHm6f0v+wSePBFJPdDrNXfKFn9wJIAlCFBv5jWMMaNHTwZtWUgvp4y9SMuUzRheqNnA==
X-Received: by with SMTP id 132mr1476496qki.198.1473359970244; Thu, 08 Sep 2016 11:39:30 -0700 (PDT)
MIME-Version: 1.0
Received: by with HTTP; Thu, 8 Sep 2016 11:39:29 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <>
From: Christopher Morrow <>
Date: Thu, 08 Sep 2016 14:39:29 -0400
X-Google-Sender-Auth: r7E69htiVU285yYB7l6Rrs3Ofc4
Message-ID: <>
To: David Conrad <>
Content-Type: multipart/alternative; boundary="001a114c23f6a71fa6053c03598c"
Archived-At: <>
Cc: "" <>
Subject: Re: [sidr] Current document status && directionz
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 08 Sep 2016 18:39:33 -0000

(I appreciate the corrections, and I really was trying to not be political
nor be mean to the political parts)

On Thu, Sep 8, 2016 at 1:39 PM, David Conrad <> wrote:

> Chris,
> On September 7, 2016 at 4:42:21 AM, Christopher Morrow (
> wrote:
> I don't disagree that running a CA is 'simple'... I think though that if
> the RIRs are in a position where there won't be a single root above them
> 'for a while' (it's been ~10 yrs at this point) but they feel they need to
> move forward with something, is this direction acceptable? is it better to
> document that decision and it's gotchas than to not move forward at all? or
> to 'continue waiting for the single root' to arrive?
> For blood pressure spiking reasons, I have been trying to keep out of this
> discussion, but this put me over the edge.

sorry about that, not trying to get people angry, really.

> As far as I am aware, ICANN as the IANA Internet Numbering Functions
> Operator, has been and continues to be willing to provide RPKI "single
> root" services. In point of fact, ages ago, I personally authorized
> non-trivial expenditures (including hiring staff) to set up and deploy a
> working RPKI root pilot to allow the RIRs to test working with a single
> root as directed by the IAB in
> correspondence-reports-documents/docs2010/iab-statement-on-the-rpki/:
> "Thus, the IAB strongly recommends a single root aligned with the root of
> the address allocation hierarchy (now part of the IANA function). "
> After said testbed deployment, I was informed that none of the RIRs were
> interested in participating in the tests.
doh! ok, so some mixed signals, that sucks. and makes this confusing and
hard to fix... going forward though, what's the path? "get rir and
iana/icann to agree that this is important, set a schedule for deployment,

> I will admit a high level of amazement and not a small amount of
> disappointment at the fascinating level of complexity being created in
> order to avoid a single root.
> This is not technical.
ok, so we're back to: "I hear what you are saying, we (community) really
need 'single root' please go make that happen."

it seems to me.