Difference between revisions of "Research:Beacon"

The design of the beacon which will be used to verify operation and reach of the program is currently underway on the mailing list, and will be described here when it reaches stable consensus. It is intended to allow independent verification of IPv4 and IPv6 routing and domain name resolution, and to be robust against orthogonal DNSSEC validation errors.

Generally, our goal is to use two of each type of beacon, on independent and unrelated infrastructure, with one strobing on a one-hour period.

Domain Beacon

We have registered two domain names for this purpose: sanctions-beacon.net and sanctions-beacon.com. Each will be set up to host the necessary responders, on two different independent network connections, using IP addresses not in any of our beacon IP address blocks. We will presumably need to get TLS certs for them as well. Because these should be blocked by name and not by number, we will also host positive beacons on the same servers (which should be visible, although resources identified by the beacon domains should not be visible). Depending upon the decision of the policy group on the matter of more specific domain names, we may also want to host separate beacons on more-specific subdomains, c.f. http://more-specific.sanctions-beacon.net.

IPv4 Beacon

As of April 5, RIPE has contacted ARIN's 8.4 transfer group and initiated the transfer of our two /24s.

IPv6 Beacon

As of April 1, we've submitted requests to ARIN for two independent /48s of IPv6 space, and they are not yet approved.

ASN Beacon

The 16-bit beacon ASN is 13400
The 32-bit beacon ASN is 400603