nanog mailing list archives
Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
From: Owen DeLong <owen () delong com>
Date: Tue, 1 Feb 2011 18:07:24 -0800
On Feb 1, 2011, at 3:53 PM, Karl Auer wrote:
On Tue, 2011-02-01 at 14:51 -0800, Owen DeLong wrote:If the RIR is signing the "invalid" ROA, how does one distinguish the invalid from the valid?In systems where the outputs from a computer system are very, very critical, a sort of "consensus" takes place (I think they did this in some space flights too) - two of three independent systems have to agree that the information is correct before it can be acted upon. Perhaps there is room at the top level for some such mechanism in RPKI? That is, treat "the top" not as being one RIR, but as a confederation of RIRs, possibly all with the SAME key. If different keys start appearing, the one that comes from the most RIRs is considered correct, and the other(s) as mavericks. But I'm speaking from a very deep well of ignorance about RPKI.
Indeed... The key is how you identify the signature, essentially. So, if the bodies all share the same key, then, any one of them can sign anything and it is indistinguishable from something signed by the others. What would be needed would be a triple signature with different keys (like bank checks that require more than one signature). However, the usual process for getting something signed through that system would probably be that A does the authentication process and then asks B and C to "witness" their signature. If A has a gun to their head, they're still going to likely be able to get B and C to "witness" that signature, so, you're still in a fix. This really isn't an easy problem to solve. Until it is solved, there are serious questions about RPKI doing more harm than good. Owen
Current thread:
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database), (continued)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Rubens Kuhl (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Martin Millnert (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Karl Auer (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Arturo Servin (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Benson Schliesser (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Randy Bush (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Randy Bush (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Martin Millnert (Feb 01)