Research:Beacon

From sanctions
Revision as of 06:56, 31 March 2022 by Woody (talk | contribs) (Created page with "The design of the beacon which will be used to verify operation and reach of the program is currently underway on the mailing list, and will be described here when it reaches...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The design of the beacon which will be used to verify operation and reach of the program is currently underway on the mailing list, and will be described here when it reaches stable consensus. It is intended to allow independent verification of IPv4 and IPv6 routing and domain name resolution, and to be robust against orthogonal DNSSEC validation errors.

Generally, our goal is to use two of each type of beacon, on independent and unrelated infrastructure, with one strobing on a one-hour period.

Domain Beacon

We have registered two domain names for this purpose: sanctions-beacon.net and sanctions-beacon.com. Each will be set up to host the necessary responders, on two different independent network connections, using IP addresses not in any of our beacon IP address blocks. We will presumably need to get TLS certs for them as well.

IPv4 Beacon

As of March 30, we have secured a donor for two independent IPv4 /24s, and are awaiting the linking of our new ARIN OrgID, SANCT-7, with the role accounts, so that we can get the transfer initiated.

IPv6 Beacon

As of March 30, we're waiting for the completion of the ARIN account setup, but have an informal confirmation that we'll be approved for two IPv6 /48s.

ASN Beacon

As of March 30, we're waiting for the completion of the ARIN account setup, but have an informal confirmation that we'll be approved for two independent ASNs, one 16-bit, the other 32-bit.