2749 routes AT RISK - Re: TIMELY/IMPORTANT - Approximately 40 hours until potentially significant routing changes (re: Retirement of ARIN Non-Authenticated IRR scheduled for 4 April 2022)

John Gilmore gnu at toad.com
Tue Apr 5 00:16:12 UTC 2022


Job Snijders via NANOG <nanog at nanog.org> wrote:
> our community also has to be cognizant about there being parts of the
> Internet which are not squatting on anyone's numbers *and* also are
> not contracted to a specific RIR.

Let's not undermine one of the few remaining widely distributed (with no
center) technical achievements behind the Internet -- the decentralized
routing system.

I'm on the board of a large legacy allocation that is deliberately NOT
an ARIN (or other RIR) member.  And I have a small address block of my
own, ditto.

ARIN doesn't provide authenticated RPKI entries for just anybody.  You
have to pay them for that service.  And in order to pay them, you have
to sign their contract.  And if you sign that contract, ARIN can take
away your legacy allocation -- anytime they decide it would be in their
best interest.  Whereas, if you don't sign, the courts have held that
you have a *property right* in your IP addresses and they *belong* to
you.  As a result, most legacy address holders (a large fraction of the
Internet addresses) have declined to sign such contracts, pay such
bills, and thus can't be in the ARIN authenticated routing registry.

For years, ARIN has been deliberately limiting access to the RPKI
registry as a lever to force people to sign one-sided contracts
beneficial to ARIN.  (They do the same lever thing when you sell an
address block -- at ARIN, it loses its legacy status, requiring the
recipient to pay annual rent to ARIN, and risk losing their block if
political winds shift.)

The pro-RPKI faction also seems to have completely ignored what I
consider a major concern among anti-RPKI folks.  The distributed
Internet routing system is resilient to centralized failures, and should
remain so.  Inserting five points of failure (signatures of RIRs) would
undermine that resilience.

Also, centralizing control over route acceptance can be used for
censorship.  If the RIRs succeed in convincing "enough of the net" to
reject any route that doesn't come with an RIR signature, then any
government with jurisdiction over those RIRs can force them to not sign
routes for sites that are politically incorrect.  How convenient -- for
authoritarians.  You can have all the IP addresses you want, you just
can't get 90% of the ISPs in the world to route packets to them.

There is no shortage of Horsemen of the Infopocalypse (child porn,
terrorism, sex slavery, Covid misinformation, manipulative propaganda,
war news, copyright violations, etc, etc, etc) that Absolutely Need To
Be Stamped Out Today whenever politicians decide that Something Must Be
Done.  As an example, we have regularly seen courts force centralized
domain registrars to reject perfectly good applicants for just such
reasons (e.g. SciHub).  The distributed Internet has "routed around"
their ability to censor such information via the routing table.  ISPs
should not hand governments a tool that they have abused so many times
in the past.

	John
	

