nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: rpki vs. secure dns?

From: Nick Hilliard <nick () foobar org>
Date: Sat, 28 Apr 2012 18:22:15 +0100
On 28/04/2012 14:04, Alex Band wrote:

they do not trust, or have a specific local policy for. In the toolsets
for using the RPKI data set for routing decisions, such as the RIPE NCC
RPKI Validator, every possible step is taken is taken to ensure that the
operator is in the driver's seat.


Leaving aside technical matters, this is one of the more contentious
political issues with RPKI.  RPKI is a tool which can be used to locally
influence routing decisions, but allows centralised control of prefix
authenticity.  If this central point is influenced to invalidate a specific
prefix, then that will cause serious reachability problems for that prefix
on the Internet.

It will be difficult for politicians / legislators / LEAs to look at a
technology like this and not see its potential for implementing wide-area
Internet blocking.  For sure, the LEAs currently looking at it are
extremely interested.

Nick
Previous By Date Next
Previous By Thread Next

Current thread: