[lacnog] El proceso para crear ROAs en todos los RIRs

[Carlos Martinez-Cagnazzo]

Hey,

On 23/9/25 12:48 PM, Job Snijders wrote:
> On Tue, 23 Sep 2025 at 17:41, Carlos Martinez-Cagnazzo 
> <carlos en lacnic.net> wrote:
>
>     Thanks Job,
>
>     I believe there is a sweet spot somewhere. If you run a really large
>     org, I believe operationally it make sense to run your own CA. You
>     may
>     run into things like the need to run transfers, move space from one
>     service to the other and you will feel more at home running something
>     you can deeply integrate with your automation platforms.
>
>     If you run a small org, you are definitely better off on hosted.
>
>
>
> I disagree with some of what you say, having worked for several large 
> orgs, I contend that the RIR-provided APIs work just as fine as poking 
> APIs of an internal CA; RIR probably better.

There is a risk-management side of things that we cannot ignore. But I 
disgress.

I think this is one point where we can agree to disagree :-)

>
> The observable experience with “a really large org running their own 
> CA”, so far has only demonstrated that the large org repeated all the 
> mistakes that the RIRs made in the beginning.
>
> “Large” just doesn’t equate “good execution”.
>
IMO that's a separate discussion. I agree with you, but I believe that 
should be taken care "out of band" if you will. Be it policies, MANRS or 
whatnot.

One thing I believe we would all benefit from is some form of "RPKI 
Etiquette" that of course involves proper running delegated CAs.

> Kind regards,
>
> Job
/Carlos
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion:https://mail.lacnic.net/mailman/options/lacnog
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20250923/38fbbd53/attachment.htm>