[sidr] On 0/0 at the 5 TAs - Answers to some questions

"Carlos M. Martinez" <carlosm3011@gmail.com> Thu, 08 September 2016 14:39 UTC

Return-Path: <carlosm3011@gmail.com>
X-Original-To: sidr@ietfa.amsl.com
Delivered-To: sidr@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 06A4312B2A7 for <sidr@ietfa.amsl.com>; Thu, 8 Sep 2016 07:39:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id bvvMoIpAZ4iZ for <sidr@ietfa.amsl.com>; Thu, 8 Sep 2016 07:39:39 -0700 (PDT)
Received: from mail-vk0-x229.google.com (mail-vk0-x229.google.com [IPv6:2607:f8b0:400c:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE21E12B1A0 for <sidr@ietf.org>; Thu, 8 Sep 2016 07:39:38 -0700 (PDT)
Received: by mail-vk0-x229.google.com with SMTP id f76so42778510vke.0 for <sidr@ietf.org>; Thu, 08 Sep 2016 07:39:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=pmbYmYh3dv0qfhEuHdR52c7KvwdHJ6xOHc8FqjVuFh0=; b=SxHAfgcBSeGLbkBHrCwYM4JLEPPMNBGJIrv72EmrWute+uGd1RcvQ/qSX2WTueI3sP R2am0W63l+iim+bRKi0Q4jgFpwvl4XSGrRcieJACF+lr+c94qH5Y7C89ODEK8yVp85qY MJBFikLl9qX+Cqx6fOfsDuYrNrKt2LMnDzoJ+yzTP3ZwtXBJAfOJ0AHKYtqw2j+heiCf V1XvmsPx10m3kSHQhTNz+OvzPmqrPErlF6WxSBJSwEEz6UvxT/C6N38cfGjYTphKNO1X 1uySZgcg8g/3EODjaMXdf1Li/0JAYLHX3hR7pA5AMwgTZpdEgRvB2N2h3dHPTkYDaVXr w44w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=pmbYmYh3dv0qfhEuHdR52c7KvwdHJ6xOHc8FqjVuFh0=; b=cSNZMJRLAuxkTxOQ3EI8KUdE9+0vQRyJwNrWph/FI7wxdh6f+bxhGGCaqESEyjJp8K itApE5nOoWzvT4hcsvoFkOIgAaLru/tcEHssNNKAXVNghopSN255LAQQQ2bUeQt0Dxm/ ju2VqM9vwUi/OFuvfKDDHUGhr++9Ujh755PXBRzPhuaZ/7/xskQHZ75aVIZ6enZ9PG5/ 6SPFDPV8Tl46dcE6gN+Oqf5bLA54/Os4YXJwQbOYGQ+6d4i1YhuphNxRUHoMZ/YE6RhX AbJ/kC+J6Qq2fieTyd9MIjfVwXtQtqkWQjcNe1FR9gdq+HsZDmaGan0jxbY6k2S5iIIW oLrg==
X-Gm-Message-State: AE9vXwOnhKmEo6cZcu/xNXlUMJgvItBHgjO02hkxpVbi0tcfcv3l7DM56g9Pq3KoYJN2zA==
X-Received: by with SMTP id s185mr14484202vkg.31.1473345577783; Thu, 08 Sep 2016 07:39:37 -0700 (PDT)
Received: from [] ([]) by smtp.gmail.com with ESMTPSA id w66sm5894672vkw.13.2016. for <sidr@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Sep 2016 07:39:37 -0700 (PDT)
From: "Carlos M. Martinez" <carlosm3011@gmail.com>
To: sidr <sidr@ietf.org>
Date: Thu, 08 Sep 2016 11:39:35 -0300
Message-ID: <5E409AD4-CF23-4D7A-8052-52F6D7EF4C30@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Mailer: MailMate (1.9.5r5260)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sidr/uCNrle2Jde0GSkMsAE72QM2nZys>
Subject: [sidr] On 0/0 at the 5 TAs - Answers to some questions
X-BeenThere: sidr@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Interdomain Routing <sidr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sidr>, <mailto:sidr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sidr/>
List-Post: <mailto:sidr@ietf.org>
List-Help: <mailto:sidr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sidr>, <mailto:sidr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2016 14:39:40 -0000

Hi all,

In this second email, I will take most of the questions I identified in 
the directionz thread and we can take it from here:

1- Whether the RIRs are willing to "back up on this"
Depending on what is meant by 'this'. If 'this' refers to  'back up on 
the whole 0/0 idea', I of course cannot provide an absolute answer, but 
I don't think the RIRs are willing to do that just now.

However, we don't necessarily see 0/0 as a permanent state, just as the 
previous one wasn't.

If 'this' refers to WG adoption, definitely. If the WG doesn't want the 
document, then we are fine with that. We will probably pursue an 
independent submission since we believe that it’s important that this 
gets documented within the IETF.

2. Regarding how the top levels of the cert tree will look like (Roque)
Roque asks whether there will be a 2nd level certificate that will list 
the resources each RIR has, in the same way as today's top level 
certificates do.

Short answer: it will be RIR-dependent.

A bit longish answer:

In our case (LACNIC), we will probably do what you've described, but 
just because that is the simplest thing for us to do. However, bear in 
mind we don't have inter-RIR transfer policies that apply to us, and if 
such a policy gets approved we will probably review this decision.

If there is a need to have a way to list what an RIR's holdings are, 
there are ways to do that which do not involve RPKI. In fact, RPKI certs 
are not authoritative as of today. They are fed from other systems that 
are authoritative; systems that also feed the logic that generates the 
'delegated-extended-stats' files. Regarding listing resources, these 
files are just as authoritative as the RPKI certs are.

An RIR's holdings can be easily aggregated up by looping through the 
delegated-extended files. If there is a community need that the RIRs 
publish a file stating which our holdings are, we are open to talk about 

Again, thanks for all your feedback.