nanog mailing list archives
Re: Blockchain and Networking
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 23 Jan 2018 07:17:57 -0600
On Tue, Jan 9, 2018 at 10:22 AM, William Herrin <bill () herrin us> wrote:
On Tue, Jan 9, 2018 at 1:07 AM, John R. Levine <johnl () iecc com> wrote:
The promise of blockchain is fraud-resistant recordkeeping, database management, AND resource management maintained by a distributed decentralized network which eliminates or reduces the extent to which there are central points of trust involved in the recordkeeping, AND can implement resource-management rules or policies programmatically and in an unbiased way (E.G. "Smart Contracts").

For example: A decentralized internet number registry could use a blockchain as the means of making the public records showing the transference of the ownership of a particular internet number from the originator to the registrant.

The potential is there to go a step beyond replacing RPKI, as a blockchain could be the AS number authority itself, thus eliminating the need to have any centralized organizations for tracking and managing number resource assignments.
How about validating whether a given AS is an acceptable origin for a set of prefixes?
That's a job for ordinary PKI. Any time you have a trusted central authority to serve as an anchor, ordinary PKI works fine. The RIRs serve as
See: That's the problem. Ordinary PKI DEPENDS on centralized trust -- that is, with PKI there are corruptible or potentially corruptible or compromisable entities in your system that you assign an unwarranted or unnecessary level of trust to.

That would include organizations such as AS Number and IP Address registries. Under the current system, they retain an Unwarranted level of trust, for example: ARIN Could Delete an IP address allocation or an AS number allocation after it was assigned, because someone else told them to, or maybe someone didn't like the content on your website and coerced/tricked someone who manipulated or legally forced the central figure to do so.

This would include whatever entities can be signing authorities of your PKI. This includes any organization with unsecured resource management capabilities, such as the DNS Root server, TLD Server operators, and Domain registrars.

Which includes the risks:
(1) The signing authority could be breached by an outsider or insider attack
(2) The signing authority could prove untrustworthy or later change the rules.
(3) The signing authority could be covertly corrupted by a government authority or foreign power: to support nefarious goals or surveillance or censorship.

For example: A DNS Registrar or TLD Registry could make a change to the DS Key or remove the DS Key and confiscate a domain to intercept traffic, without even the permission of the original registrant.

--
-JH