nanog mailing list archives

Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

From: Benson Schliesser <bensons () queuefull net>
Date: Tue, 1 Feb 2011 16:05:42 -0600


On Feb 1, 2011, at 3:43 PM, Arturo Servin wrote:

      Is it really a better alternative? Do we want to pay the cost of a fully distributed RPKI architecture?

      Or do we just abandon the idea of protecting the routing infrastructure?

      There is no free-lunch, we just need to select the price that we want to pay.


I agree there is no free-lunch.

Randy Bush addressed the problem, in a recent email, by contrasting his "security" personality against his mistrust of 
authority. (That's my summary, not his words.)  And I think that's exactly what I'm struggling with.  I want to secure 
the routing infrastructure, but I don't completely trust centralized regimes.  At their best, they're a target for 
exploitation - at their worst, they're authoritarian.

Randy was kind enough to point me toward http://tools.ietf.org/html/draft-ietf-sidr-ltamgmt-00 which I'm in the process 
of reading.  Perhaps there is a way to balance between "fully distributed" and "centralized", e.g. by supporting 
multiple roots and different trust domains.

Cheers,
-Benson

On 1 Feb 2011, at 16:29, Benson Schliesser wrote:


On Feb 1, 2011, at 11:14 AM, Christopher Morrow wrote:

On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <millnert () gmail com> wrote:

Here be dragons,

<snip>

It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a government to control the Internet is a Really
Bad Idea.


how is the egypt thing related to rPKI?
How is the propsed rPKI work related to gov't control?


In theory at least, entities closer to the RPKI root (RIRs, IANA) could invalidate routes for any sort of policy 
reasons.  This might provide leverage to certain governments, perhaps even offering the ability to control routing 
beyond their jurisdiction.

As an example, it's imaginable that the US government could require IANA or ARIN to delegate authority to the NSA 
for a Canadian ISP's routes.  Feel free to replace the RIR/LIR and country names, to suit your own example.

Cheers,
-Benson

Current thread:

Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database), (continued)
- - - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Martin Millnert (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
  - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Alex Band (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Karl Auer (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Martin Millnert (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Benson Schliesser (Feb 01)
  - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Arturo Servin (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Benson Schliesser (Feb 01)
- Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
  - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Randy Bush (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Michael Hallgren (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Randy Bush (Feb 01)
  - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Carlos M. Martinez (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Martin Millnert (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Owen DeLong (Feb 01)
  - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Christopher Morrow (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Dongting Yu (Feb 01)
    - Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database) Benson Schliesser (Feb 01)

(Thread continues...)