Re: [sidr] On 0/0 at the 5 TAs - Some comments on the motivations

"Carlos M. Martinez" <> Thu, 08 September 2016 16:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9987D12B352 for <>; Thu, 8 Sep 2016 09:02:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.45
X-Spam-Status: No, score=-2.45 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sJSGt9Wkzcbw for <>; Thu, 8 Sep 2016 09:02:10 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400c:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 78A4E12B421 for <>; Thu, 8 Sep 2016 08:58:02 -0700 (PDT)
Received: by with SMTP id 16so25710638vko.2 for <>; Thu, 08 Sep 2016 08:58:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=W4pOn6FyIoOSjuGmMwz+wXy3fct60AQZzhgF3ZXgoE0=; b=Alhq4d/NsLiQcY5uibtB5eqZT3AN7nLZ4mZkloZMvaFcQBzGIxwdhUhsxosMPAEqvR 0K4BL9J4lK2/fqaK2sQcEi4fp5/lj1+saVXr5c7vgaDzM46Syw73zoA36KLq25RPb8AI OkUCd7hCJdEbftV5f9EPQ0KlY+/6NLpYREPDkWi6y+YfV4Dp6sNllPI62y7oKi+95eAF S1J2jjAyDYVwtyhjh5FntzJtsntjUvLFDIS3lW+SLGrrFB7oa4Pd/J0loXTaPk+9+K9F 4gwGnP4xsCCD1+Nq879LGrdE5WQtrhsjR3wrO6lVgPd3YDaFEnbMbqoW5XSAujvrpEuC bPVA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=W4pOn6FyIoOSjuGmMwz+wXy3fct60AQZzhgF3ZXgoE0=; b=ZrlgsndxlwouLdJiamg2v5uW5dWwF1BMty+MP8V4RiKICvU2qjF5Om2t0O1PZApjvs dUcoITUw3b8Wp3jzLWhCdteJ31FMYw9flxOdRsvdYj/JImoUIjhZyaA0KM84ULJQaOHS NdhXknVobrvjnHiuCO6UJ+9kSxq7O6G6UiLCm2Q1efSAthmulMhRaoqI3I7vq1jtZH61 WmaQF6ITnv3bkRVthfc2Gf5KY4q0HcRY+ok/bhOz7Xy7vgrZYGwMtfmG9ZCZ7CBDgzWw nn6qvQN+Je57yTEurewWNuIoqT31J2dSdJmmRxq5dmUIpuNTE9a9Dd+vqrFkmnfEtMDu iC9g==
X-Gm-Message-State: AE9vXwMszx7vlvLYVtyrrsEsRzo4+Y3I1Kuf7LggN6/TMrW5Y9P8F/YaGCSBGidO0DYHxg==
X-Received: by with SMTP id h62mr256514vkb.63.1473350281241; Thu, 08 Sep 2016 08:58:01 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id 12sm3741994uak.7.2016. (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Sep 2016 08:58:00 -0700 (PDT)
From: "Carlos M. Martinez" <>
To: Rob Austein <>
Date: Thu, 08 Sep 2016 12:57:57 -0300
Message-ID: <>
In-Reply-To: <>
References: <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.5r5260)
Archived-At: <>
Subject: Re: [sidr] On 0/0 at the 5 TAs - Some comments on the motivations
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 08 Sep 2016 16:02:14 -0000

Hi Rob,

I’ll let each RIR answer for themselves. In our case (LACNIC), we 
don’t support up/down. We’ve had a very rough implementation of a 
‘parent’ CA for a while, but since there is essentially no demand 
for it from our members, the project always gets down-prioritized.

If the GTA was to gain any traction, we’d commit resources accordingly 
in order to support it from the ‘child’ side.

In short: it’s not the availability of up-down what has stalled the 



On 8 Sep 2016, at 12:37, Rob Austein wrote:

> Hi, Carlos.  Technical question:
> Do the current RIR CA implementations support the client role of the
> "up-down" provisioning protocol, and, if so, has there been any recent
> interop testing of this, either against other RIR CA implementations
> or against mine?
> APNIC's original implementation did support it.  I think RIPE's
> implementation sort of supported it at one point but they did not
> consider it production-ready.  Dunno about the others, and all of this
> was a while ago, haven't heard much about it recently.
> _______________________________________________
> sidr mailing list