Re: rpki vs. secure dns?

[Phil Regnauld <regnauld () nsrc org>]

Nick Hilliard (nick) writes:
> Leaving aside technical matters, this is one of the more contentious
> political issues with RPKI.  RPKI is a tool which can be used to locally
> influence routing decisions, but allows centralised control of prefix
> authenticity.  If this central point is influenced to invalidate a specific
> prefix, then that will cause serious reachability problems for that prefix
> on the Internet.

        To me that seems like the most obvious problem, but as Alex put it,
        "Everyone has the ability to apply an override on data they do not trust,
        or have a specific local policy for."

> It will be difficult for politicians / legislators / LEAs to look at a
> technology like this and not see its potential for implementing wide-area
> Internet blocking.

> For sure, the LEAs currently looking at it are extremely interested.

        Or the ITU ? :)

        Cheers,
        Phil