Research:Beacon

The design of the beacon which will be used to verify operation and reach of the program is currently underway on the mailing list, and will be described here when it reaches stable consensus. It is intended to allow independent verification of IPv4 and IPv6 routing and domain name resolution, and to be robust against orthogonal DNSSEC validation errors.

Generally, our goal is to use two of each type of beacon, on independent and unrelated infrastructure, with one strobing on a one-hour period.

Domain Beacon

We have registered two domain names for this purpose: sanctions-beacon.net and sanctions-beacon.com. Each will be set up to host the necessary responders, on two different independent network connections, using IP addresses not in any of our beacon IP address blocks. We will presumably need to get TLS certs for them as well.

IPv4 Beacon

As of March 31, we have secured a donor for two independent IPv4 /24s, our new ARIN OrgID, SANCT-7, is active, the transfer has been initiated, and we're waiting for RIPE to contact ARIN's 8.4 transfer group.

IPv6 Beacon

As of March 30, we're waiting for the completion of the ARIN account setup, but have an informal confirmation that we'll be approved for two IPv6 /48s.

ASN Beacon

As of March 30, we're waiting for the completion of the ARIN account setup, but have an informal confirmation that we'll be approved for two independent ASNs, one 16-bit, the other 32-bit.