A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

Sun Jan 30 19:55:10 UTC 2011

Here be dragons,

On Sun, Jan 30, 2011 at 12:39 PM, Carlos Martinez-Cagnazzo
<carlosm3011 at gmail.com> wrote:
> The solution to this problem (theoretical at least) already exist in
> the form of RPKI.

Any top-down RPKI model is intrinsically flawed.

Deploying an overlay of single-point(s) of failure on top of a
well-functional distributed system such as the Internet does not seem
like a solution to much.  The Internet works reasonably well only
because it is reasonably distributed.

I acknowledge that:
 1) there are occasionally routing problems,
 2) that IPv4 will deteriorate further very rapidly as it runs out and
second-hand markets pick up,
 3) that spammers run BGP and abuse, seemingly primarily, the non-RIR IRR-dbs.

The answer to these issues is not by default RPKI IMO. For example, how about:
 1, fix them - are there any problems that hasn't been fixed or were
seriously hard to fix? Enumerate and let's go specific; let's not
deploy a tank to push in a screw.
 2, IPv6?
 3, improve/remove non-RIR IRR-dbs

It should be fairly obvious, by most recently what's going on in
Egypt, why allowing a government to control the Internet is a Really
Bad Idea.

While it is true that governments are more or less in control of the
*geographic area* they govern, as is evident in Egypt, there is a
serious and big difference between the ease of removing a prefix from
the Internet today in a country and how easy it will be in the fully
network-deployed RPKI case, because of the hierarchical model (send
your tanks to the RIR office(s) instead of every single country).
Yes, governments exploit capabilities given to them by technological
means ("we do it just because we can" is a standing motto).

A top-down RPKI model would be a severely negative development of the
resilience of the Internet, especially for freedom-aspiring people
(approximately equal to humankind?),  who need to avert government
suppression.

If we are to go down this path, at the very least it must stay
architecturally/technologically *impossible* for a entity from country
A to via-the-hierarchical-trust-model block a prefix assigned to some
entity in country B, that is assigned by B's RIR and in full
accordance with the RIR policies and in no breach of any contract.
  If not, we're doing humanity a disservice. One that I have no doubt
would simply spawn/grow further overlay-networks to counter the
problem.

Cheers,
Martin
>
> On Sun, Jan 30, 2011 at 6:23 AM, Andrew Alston <aa at tenet.ac.za> wrote:
>> Hi All,
>>
>> I've just noticed that Level 3 is allowing people to register space in its IRR database that A.) is not assigned to the people registering it and B.) is not assigned via/to Level 3.
>>
>> So, I have two queries
>>
>> A.) Are only customers of Level 3 allowed to use this database
>> B.) Can someone from Level 3 please clarify if there are any plans to lock this down slightly
>>
>> At this point, it would seem that if you are a customer of level 3's, you can register any space you feel like in there, and announce anything you feel like once the filters propagate, which in my opinion completely nullifies the point of IRR in the first place.
>>
>> Though I think this also raises the question about IRR databases in general.  Would it not be far more sane to have each RIR run a single instance each which talk to each other, which can be verified against IP address assignments, and scrap the distributed IRR systems that allow for issues like this to occur?
>>
>> (In the mean time I've emailed the relevant people to try and get the entries falsely registered in that database removed, and will wait and see if I get a response).
>>
>>
>> Andrew Alston
>> TENET - Chief Technology Officer
>> Phone: +27 21 763 7181
>>
>>
>
>
>
> --
> --
> =========================
> Carlos M. Martinez-Cagnazzo
> http://www.labs.lacnic.net
> =========================
>
>