Re: Validating rights to announce a prefix

[Robert Kisteleki <robert () ripe net>]

michael.dillon () bt com wrote:
> > Okay, I admit I haven't paid the closest attention to RPKI, 
> > but I have to ask: Is this a two-way shared-key issue, or 
> > (worse) a case where we need to rely on a central entity to 
> > be a key clearinghouse?
> >
> > The reason why I mention this is obvious -- the entire PKI 
> > effort has been stalled (w.r.t. authority) because of this 
> > particular issue.
>
> Who says there needs to be a PKI infrastructure in order to
> do this? There are other ways of authenticating data. For instance
> ARIN could hold the data that they have validated on their own
> servers and people could use HTTPS queries to ensure that they
> get the answers that they thought they would get.

I must point out that HTTPS is still in PKI land - it's just "another one", 
inviting otherwise unrelated parties (like Verisign et al.) into the system.

> As for how the address owner delegates the right to announce 
> a prefix, they could either operate their own database and
> ARIN would have a pointer to it, or they could register the
> data in ARIN's database by some secure means. There is no
> reason why "secure means" could not include various out of
> band authentication systems.

The principles for this are included in the SIDR efforts.

> People are too hung up on cryotographically secure PKI systems
> which are way overkill for this problem. In fact, it should be
> possible to design an architecture that allows for an easy upgrade
> to PKI if it should be determined at some future date, that PKI
> is necessary.

It's hard to switch to a more secure method later on if you start with a 
less secure one. So, "upgrading" to PKI from something else only makes sense 
if that previous system was secure enough - but then why would you want to 
change?

Robert

> --Michael Dillon