rpki vs. secure dns?
nick at foobar.org
Sat Apr 28 12:22:15 CDT 2012
On 28/04/2012 14:04, Alex Band wrote:
> they do not trust, or have a specific local policy for. In the toolsets
> for using the RPKI data set for routing decisions, such as the RIPE NCC
> RPKI Validator, every possible step is taken is taken to ensure that the
> operator is in the driver's seat.
Leaving aside technical matters, this is one of the more contentious
political issues with RPKI. RPKI is a tool which can be used to locally
influence routing decisions, but allows centralised control of prefix
authenticity. If this central point is influenced to invalidate a specific
prefix, then that will cause serious reachability problems for that prefix
on the Internet.
It will be difficult for politicians / legislators / LEAs to look at a
technology like this and not see its potential for implementing wide-area
Internet blocking. For sure, the LEAs currently looking at it are
More information about the NANOG