A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

• Previous message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Next message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alex,

On Tue, Feb 1, 2011 at 4:57 PM, Alex Band <alexb at ripe.net> wrote:
> On 1 Feb 2011, at 22:20, Owen DeLong wrote:
>> RPKI is a big knob governments might be tempted to turn.
>
> Of course we looked into this, cause we're running our service from Amsterdam, the Netherlands. The possibilities for law enforcement agencies to take measures against the Resource Certification service run by the RIPE NCC are extremely limited. Under Dutch law, the process of certification, as well as resource certificates themselves, do not qualify as goods that are capable of being confiscated.
>
> Then of course, the decision making process always lies in the hands of the network operator. Only if a government would mandate an ISP to respect an invalid ROA and drop the route, it would be effective.
>
> So *both* these things would have to happen before there is an operational issue. Like you've seen in Egypt, pulling the plug is easier...
>
> YMMV on your side of the pond.
>
> Alex Band
> Product Manager, RIPE NCC

As others pointed out, and as we especially have seen the past 10 and
a half years, laws can easily change.

I too believe it is somewhat necessary to have 'control' over the IPv4
prefix distribution in order for the RIRs to continue being
Registries. I understand and share the RIRs concern regarding this.  I
also do believe we can expend at least two years (just to put a number
out there) more to make a system that is robust also against
censorship, that everybody can feel comfortable to trust. Operational
impact and cost, I believe, will be quite minor during this time.

In fact, I believe it is an investment that apart from being necessary
(IMO), will actually pay off, because only with a system that people
trust, will most network operators enable it by their free will, which
ought to be the goal for *everybody* involved.  (Lest the dystopian
future takes hold, of course.)

Once a reliable system exists, I would be the first one to enable it
on my routers, and wouldn't shed a tear if illegitimately acquired or
traded routing information was lost at that time.

And to be extremely clear, nobody is suggesting that they do not trust
the people working at RIPE or any other RIR to do a good job here but
at the same time, "we are all human".   We have a, in my opinion, very
big responsibility towards future generations in (re-)designing the
Internet in a way that continues to keep it open and robust towards
failures of various sorts.  Even that of a single RIR.

Regards,
Martin

• Previous message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Next message (by thread): A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]