rpki vs. secure dns?

Nick Hilliard nick at foobar.org
Sat Apr 28 17:22:15 UTC 2012


On 28/04/2012 14:04, Alex Band wrote:
> they do not trust, or have a specific local policy for. In the toolsets
> for using the RPKI data set for routing decisions, such as the RIPE NCC
> RPKI Validator, every possible step is taken to ensure that the
> operator is in the driver's seat.

Leaving aside technical matters, this is one of the more contentious
political issues with RPKI.  RPKI is a tool which can be used to locally
influence routing decisions, but allows centralised control of prefix
authenticity.  If this central point is influenced to invalidate a specific
prefix, then that will cause serious reachability problems for that prefix
on the Internet.

It will be difficult for politicians / legislators / LEAs to look at a
technology like this and not see its potential for implementing wide-area
Internet blocking.  For sure, the LEAs currently looking at it are
extremely interested.

Nick




More information about the NANOG mailing list