Re: Need for historical prefix blacklist (`rogue' prefixes) information

[David Conrad <drc () virtualized org>]

I’m a little confused.  I thought the concern was about decrypting intentionally mis-routed traffic, not a suggestion 
that ROV uses encryption…

Regards,
-drc

> On Oct 30, 2021, at 5:57 PM, J. Hellenthal via NANOG <nanog () nanog org> wrote:
>
> He answered it completely. "You" worried about interception of RPKI exchange over the wire are failing to see that 
> there is nothing there important to decrypt because the encryption in the transmission is not there !
>
> And yet you've failed to even follow up to his question... "What's your point regarding your message? ROV does not 
> use (nor needs) encryption."
>
> So maybe you could give some context on that so someone can steer you out of the wrong direction.
>
> -- 
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
>
> > On Oct 30, 2021, at 10:31, A Crisan <alina.florar () gmail com> wrote:
> >
> > 
> > Hi Matthew, 
> >
> > Quantum computing exists as POCs, IBM being one of those advertising them and announced to extend their project. 
> > There are others on the market, Amazon advertised quantum computing as a service back in 2019: 
> > https://www.theverge.com/2019/12/2/20992602/amazon-is-now-offering-quantum-computing-as-a-service 
> > <https://www.theverge.com/2019/12/2/20992602/amazon-is-now-offering-quantum-computing-as-a-service>. The bottle neck 
> > of the current technology is scalability: we will not see QC as personal computing level just yet (to go in more 
> > detail, current technologies work at cryogenic temperatures, thus they are hyper expensive and not really scalable), 
> > but they exist and one could be imagine they are/will be used for various tasks.
> >
> > On the other hand, you've actually commented every word of my mail, minus the stated question. Thanks. 
> >
> > Best Regards, 
> > Dora Crisan 
> >
> >
> >
> >  
> >
> > On Fri, Oct 29, 2021 at 8:10 PM Matthew Walster <matthew () walster org <mailto:matthew () walster org>> wrote:
> >
> >
> > On Fri, 29 Oct 2021, 15:55 A Crisan, <alina.florar () gmail com <mailto:alina.florar () gmail com>> wrote:
> > Hi Matthew,
> > I was reading the above exchange, and I do have a question linked to your last affirmation. To give you some 
> > context, the last 2021 ENISA report seem to suggest that internet traffic is "casually registered" by X actors to 
> > apply post Retrospective decryption (excerpt below). This would be at odds with your (deescalating) affirmation that 
> > hijacks are non-malicious and they are de-peered quickly, unless you pinpoint complete flux arrest only. Are there 
> > any reportings/indicators... that look into internet flux constant monitoring capabilities/capacities? Thanks.
> >
> > RPKI uses authentication not confidentiality. There is no encryption taking place, other than the signatures on the 
> > certificates etc.
> >
> > Excerpt from the introduction: "What makes matters worse is that any cipher text intercepted by an attacker today 
> > can be decrypted by the attacker as soon as he has access to a large quantum computer (Retrospective decryption).
> >
> > Which do not exist (yet).
> >
> > Analysis of Advanced Persistent Threats (APT) and Nation State capabilities,
> >
> > Buzzwords.
> >
> > along with whistle blowers’ revelations
> >  have shown that threat actors can and are casually recording all Internet traffic in their data centers
> >
> > No they're not. It's just not possible or indeed necessary to duplicate everything at large scale. Perhaps with a 
> > large amount of filtering, certain flows would be captured, but in the days of pervasive TLS, this seems less and 
> > less worthwhile.
> >
> >  and that they select encrypted traffic as interesting and worth storing.This means that any data encrypted using 
> > any of the standard public-key systems today will need to be considered compromised once a quantum computer exists 
> > and there is no way to protect it retroactively, because a copy of the ciphertexts in the hands of the attacker. 
> > This means that data that needs to remain confidential after the arrival of quantum computers need to be encrypted 
> > with alternative means"
> >
> > None of this is relevant to RPKI (ROV) at all. In fact, it reads like the fevered dreams of a cyber security 
> > research student. What's your point regarding your message? ROV does not use (nor needs) encryption.
> >
> > M