Re: [sig-policy] Requests from routing/packeting concerns
- To: Izumi Okutani <izumi at nic dot ad dot jp>
- Subject: Re: [sig-policy] Requests from routing/packeting concerns
- From: Terry Manderson <terry at terrym dot net>
- Date: Wed, 18 Feb 2009 09:53:56 +1000
- Cc: sig-policy at apnic dot net
- Delivered-to: sig-policy at mailman dot apnic dot net
- In-reply-to: <499A7FEE.7030403 at nic dot ad dot jp>
- List-archive: <http://mailman.apnic.net/mailing-lists/sig-policy>
- List-help: <mailto:email@example.com?subject=help>
- List-id: APNIC SIG on resource management policy <sig-policy.lists.apnic.net>
- List-post: <mailto:firstname.lastname@example.org>
- List-subscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:email@example.com?subject=subscribe>
- List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/sig-policy>, <mailto:firstname.lastname@example.org?subject=unsubscribe>
- References: <49954E5C.email@example.com> <firstname.lastname@example.org> <email@example.com> <49995D7F.firstname.lastname@example.org> <49995ECE.email@example.com> <38091C56-CF55-460A-96AC-45BF511C3678@terrym.net> <499A7FEE.firstname.lastname@example.org>
- Sender: Terry Manderson <email@example.com>
On 17/02/2009, at 7:14 PM, Izumi Okutani wrote:
Hi Terry,Resource Certificate may provide an answer to the first needs, butmay be more studies are required for proving it to non-tech people.My reading of this, and do correct me if I'm wrong, is the underlying question of:"What, if any, tools are available that allows my non-technical people to verify that a new/existing customer has this 'new' prefix for whichthey are asking me to route?" yes?Not quite. (but thanks for trying to clarify) the idea is that a routing engineer might need to justify within theirorganization (manager, account department, etc) that it is an authenticaddress worth spending the budget when they obtain a resource.
right so you want something that human/management consumable that says Party A has the right to transfer prefix Z.
so it would help to have a tool/document published to do this. may be aresource cert would be good enough but a concern is that it may be too digital/techy for others to understand.
Maybe you can request APNIC to add it to their never-ending list of software development requests ;-) . I doubt that it would be rocket science to take the output of 'openssl x509 -text', confirm that the prefix fits within a few APNIC rules and provide a auto-generated statement of authenticity under a https type service that you can then print and hand to your business folk.
That was a comment from one of the ISPs here. I wonder how general thisneeds would be as the region?
Perhaps APNIC can poll the members/stakeholders if such a tool is useful?
"cleaness" is interesting. I see the value in the immediately previous details, however due to the business climate and the way organisations are sold/bought/wound-up I suspect that the information used for trouble shooting, such as calling a 'long-ago' holder to get their upstream tochange a filter, may not be all that useful due to ageing of details.I see. i wondered about this after your comment and asked Tomoya Yoshidafrom OCN. Apparently, sometimes the issue or the problem doesn't just lie in the previous holder, but could go a few times back, e.g. to remove address from black list.
Sorry, I fail to see how knowing who those people are actually provides further benefit when you can (as Randy has pointed out) check what the visibility of the prefix is like.
Another point that was mentioned that an operator wish to be aware of the risks of "contaminated" space (black listed, etc) when obtaining space and seeing past records help sometimes. you ofcourse have to do more checks in addition.
Really, would that change the decision on acquiring the prefix in a situation where v4 is exhausted and high demand exists? I would posit that any company looking for IP addresses in a transfers world will take what it can when it can. But I don't see harm in the request from your community.