A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

• Previous message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Next message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Feb 1, 2011, at 1:57 PM, Alex Band wrote:

> 
> On 1 Feb 2011, at 22:20, Owen DeLong wrote:
> 
>> 
>> On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
>> 
>>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <millnert at gmail.com> wrote:
>>>> Here be dragons,
>>> <snip>
>>>> It should be fairly obvious, by most recently what's going on in
>>>> Egypt, why allowing a government to control the Internet is a Really
>>>> Bad Idea.
>>>> 
>>> 
>>> how is the egypt thing related to rPKI?
>>> How is the propsed rPKI work related to gov't control?
>>> 
>> RPKI is a big knob governments might be tempted to turn.
> 
> Of course we looked into this, cause we're running our service from Amsterdam, the Netherlands. The possibilities for law enforcement agencies to take measures against the Resource Certification service run by the RIPE NCC are extremely limited. Under Dutch law, the process of certification, as well as resource certificates themselves, do not qualify as goods that are capable of being confiscated.
> 
Confiscated isn't the only possible issue. Being ordered to revoke a ROA or sign an alternate ROA isn't necessarily confiscation. It's court-ordered behavior. I'm not familiar enough with Dutch law to know if this is possible or not, but, regardless of the law today, the certificate issue remains after the law is changed. No country has immutable laws. Even the US Constitution can be (and has been) changed.

> Then of course, the decision making process always lies in the hands of the network operator. Only if a government would mandate an ISP to respect an invalid ROA and drop the route, it would be effective. 
> 
If the RIR is signing the "invalid" ROA, how does one distinguish the invalid from the valid?

> So *both* these things would have to happen before there is an operational issue. Like you've seen in Egypt, pulling the plug is easier...
> 
Today, pulling the plug is easier. In an automated RPKI environment where a revocation or alternate signed record can cause service impacts, 

> YMMV on your side of the pond.
> 
> Alex Band
> Product Manager, RIPE NCC

With the mere passage of a law, so could the mileage on your side of the pond.

Owen

• Previous message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Next message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]