Hey Martin, I see your point and I believe it is a concern that should be addressed.
tks Carlos On 1/31/11 3:59 AM, Martin Millnert wrote: > Carlos, > > On Sun, Jan 30, 2011 at 9:22 PM, Carlos Martinez-Cagnazzo > <carlosm3...@gmail.com> wrote: >> Hi, >> >> this is the second mention I see of RPKI and Egypt in the same >> context. I sincerely fail to see the connection between both >> situations. >> > It is quite simple actually. > > 1. Governments (eventually) want to take pieces of the Internet > offline, and Egypt is only the latest abundantly clear proof of this > desire. > 2. RPKI might make this easier to accomplish than before, effectively > leading to more censorship than without it. > > My fear is that of the big red DELETE-FROM-THE-INTERNET-button: > > If the system becomes widely deployed, it is an even shorter step to > make for various lawmakers in various countries to legislate how RPKI > is to be used. > There are obviously other ways for your local autocrat to cut the > Internet down, but this would undoubtedly add a potential fine-grained > mechanism on top of it that I fail to see how it will not be abused. > Eg, it'd be possible to, with the right hand, require that all ISPs > treats RPKI in a certain way (abstract away the censorship to all > ISPs, even those in other countries(!), own routers, once the > technology is in place), and with the left hand cherry pick what can > be on and what can be off, at a much, much lower cost than unplugging > everything (Egypt), or buying lots of cool hardware (China). (This is > a bad thing, btw.) > > I'd happily see an explanation of RPKI that clears these fears from my > mind, and I'm fairly sure that I am not crazy for having them... > (Meanwhile I will read all of Randy's recommended reading.) > And yes there are a myriad of other ways to shut things down from the > Internet, but none of them are as integrated with the Internet as RPKI > would be, right? Plus, I don't really see adding another way to shut > things down as a positive thing, because of the apparent abuse-vector > it represents. > > Regards, > Martin > > (With tiny, tiny steps, nobody will understand how we ended up where > we end up, and by then it's hard to retract.) > >> On Sun, Jan 30, 2011 at 7:53 PM, Brandon Butterworth >> <bran...@rd.bbc.co.uk> wrote: >>>>> I think it is too early in the deployment process to start dropping >>>>> routes based on RPKI alone. We'll get there at some point, I guess. >>>> Do we really *want* to get to that point? >>> I thought that was the point and the goal of securing the routing >>> infrastructure is laudable. But the voices in my head say don't trust >>> them with control of your routes, see what happened in Egypt. >>> >>> brandon >>> >>> >> >> >> -- >> -- >> ========================= >> Carlos M. Martinez-Cagnazzo >> http://www.labs.lacnic.net >> ========================= >> >>