Re: Level 3's IRR Database

["Carlos M. Martinez" <carlosm3011 () gmail com>]

Hey Martin,

I see your point and I believe it is a concern that should be addressed.

tks

Carlos

On 1/31/11 3:59 AM, Martin Millnert wrote:
> Carlos,
>
> On Sun, Jan 30, 2011 at 9:22 PM, Carlos Martinez-Cagnazzo
> <carlosm3011 () gmail com> wrote:
> > Hi,
> >
> > this is the second mention I see of RPKI and Egypt in the same
> > context. I sincerely fail to see the connection between both
> > situations.
> It is quite simple actually.
>
> 1. Governments (eventually) want to take pieces of the Internet
> offline, and Egypt is only the latest abundantly clear proof of this
> desire.
> 2. RPKI might make this easier to accomplish than before, effectively
> leading to more censorship than without it.
>
> My fear is that of the big red DELETE-FROM-THE-INTERNET-button:
>
> If the system becomes widely deployed, it is an even shorter step to
> make for various lawmakers in various countries to legislate how RPKI
> is to be used.
> There are obviously other ways for your local autocrat to cut the
> Internet down, but this would undoubtedly add a potential fine-grained
> mechanism on top of it that I fail to see how it will not be abused.
>   Eg, it'd be possible to, with the right hand, require that all ISPs
> treats RPKI in a certain way (abstract away the censorship to all
> ISPs, even those in other countries(!), own routers, once the
> technology is in place), and with the left hand cherry pick what can
> be on and what can be off, at a much, much lower cost than unplugging
> everything (Egypt), or buying lots of cool hardware (China). (This is
> a bad thing, btw.)
>
> I'd happily see an explanation of RPKI that clears these fears from my
> mind, and I'm fairly sure that I am not crazy for having them...
> (Meanwhile I will read all of Randy's recommended reading.)
> And yes there are a myriad of other ways to shut things down from the
> Internet, but none of them are as integrated with the Internet as RPKI
> would be, right? Plus, I don't really see adding another way to shut
> things down as a positive thing, because of the apparent abuse-vector
> it represents.
>
> Regards,
> Martin
>
> (With tiny, tiny steps, nobody will understand how we ended up where
> we end up, and by then it's hard to retract.)
>
> > On Sun, Jan 30, 2011 at 7:53 PM, Brandon Butterworth
> > <brandon () rd bbc co uk> wrote:
> > > > > I think it is too early in the deployment process to start dropping
> > > > > routes based on RPKI alone. We'll get there at some point, I guess.
> > > > Do we really *want* to get to that point?
> > > I thought that was the point and the goal of securing the routing
> > > infrastructure is laudable. But the voices in my head say don't trust
> > > them with control of your routes, see what happened in Egypt.
> > >
> > > brandon
> >
> >
> > --
> > --
> > =========================
> > Carlos M. Martinez-Cagnazzo
> > http://www.labs.lacnic.net
> > =========================