A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

Owen DeLong owen at delong.com
Wed Feb 2 02:16:07 UTC 2011


On Feb 1, 2011, at 3:58 PM, Martin Millnert wrote:

> On Tue, Feb 1, 2011 at 5:15 PM, Carlos M. Martinez
> <carlosm3011 at gmail.com> wrote:
>> Although I support RPKI as a technology, there are legitimate concerns that it could be abused. I now believe that RPKI needs work in this area at IETF level so the concerns are addressed.
>> 
>> I imagine some form of secret sharing among different parties or some form of key escrow. I am sure that it is not an easy problem, but maybe some progress can be made in this direction.
> 
> Right.  To preserve the integrity of the system it is rather necessary
> that multiple parties must agree to do some changes to it.   This is
> in many ways of course a very hard thing to do, but there are a lot of
> good people out there with a much better understanding of cryptography
> and real information security than I, who definitely should look into
> this.  Unless there already is a problem statement covering this
> problem, perhaps we should make one.
> 
> Perhaps it is impossible to combine an easily managed system with a
> totally secure and robust routing infrastructure.
> 
> At any rate, I consider censorship a failure of information routing.
> Any secure and robust routing infrastructure will not invite more
> censorship.
> 
> Regards,
> Martin

Multiple parties alone, however, is not sufficient. It needs to be multiple
parties that are unlikely to be unduly influenced by the same group of
governments or alliance of governments under any possible circumstance.

The existing RIRs may or may not be an adequate way to spread this out.
Certainly there is risk in the fact that IANA is in the US and subject by itself
to US government whims. The fact that IANA and ARIN are both in the US
is of particular concern because it means even combined there is no
check and balance between them, either, as both can be usurped by the
same power.

Owen





More information about the NANOG mailing list