Mel,

If you are speaking of RPKI based origin validation, I am not sure "automated / global enforcement system" is a useful description. It does provide a consistent means for address holders to declare AS's authorized to announce prefixes, and a means for remote ASs to compare received updates vs such declarations. What the receiving AS does with the validation information is strictly a local policy matter.

Frankly, this is no more a "new automated enforcement system" than IRR-based route filtering has been for 20 years. The only difference is that there is a consistent security model across all 5 RIRs as to who can make such declarations and it is tightly tied to the address allocation business process. I have seen a lot of FUD about the specter of interference, but not a lot of serious thought / discussion. Having a serious technical discussion of potential risks and mitigations in the system would be useful.

dougm

On Wed, Sep 14, 2016 at 10:51 AM, Mel Beckman <m...@beckman.org> wrote:

> Scott and Doug,
>
> The problem with a new automated enforcement system is that it hobbles
> both agility and innovation. ISPs have enjoyed simple BGP management,
> entirely self-regulated, for decades. A global enforcement system, besides
> being dang hard to do correctly, brings the specter of government
> interference, since such a system could be overtaken by government entities
> to manhandle free speech.
>
> In my opinion, the community hasn't spent nearly enough time discussing
> the danger aspect. Being engineers, we focus on technical means, ignoring
> the fact that we're designing our own guillotine.
>
> -mel beckman
>
> > On Sep 14, 2016, at 12:10 AM, Scott Weeks <sur...@mauigateway.com> wrote:
> >
> > --- dougm.w...@gmail.com wrote:
> > From: Doug Montgomery <dougm.w...@gmail.com>
> >
> > If only there were a global system, with consistent and verifiable security
> > properties, to permit address holders to declare the set of AS's authorized
> > to announce their prefixes, and routers anywhere on the Internet to
> > independently verify the corresponding validity of received announcements.
> >
> > *cough https://www.nanog.org/meetings/abstract?id=2846 cough*
> > ------------------------------------------------
> >
> > Yes, RPKI. That's what I was waiting for. Now we can get to
> > a real discussion... ;-)
> >
> > scott

--
DougM at Work
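
The comparison described in the message above, as an added example that is not part of the original thread: a received announcement is classified against the address holders' declarations (valid / invalid / not-found, following RFC 6811), and a separate local policy table decides what to do with that result. The prefixes, AS numbers and policy names are constructed sample values, and the origin AS is assumed to have been extracted from the AS_PATH already.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """One validated declaration: prefix, longest allowed length, authorized AS."""
    prefix: str
    max_length: int
    asn: int

# Constructed sample declarations (documentation prefixes, reserved ASNs).
VRPS = [
    VRP("192.0.2.0/24", 24, 64500),
    VRP("2001:db8::/32", 48, 64501),
]

def validate(route_prefix, origin_asn, vrps=VRPS):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route is equal to or inside its prefix.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # Match: length within max_length AND origin AS is the declared one.
        if route.prefixlen <= vrp.max_length and origin_asn == vrp.asn:
            return "valid"
    # Covered but never matched is invalid; no covering declaration is not-found.
    return "invalid" if covered else "not-found"

# Local policy is separate from validation. Two hypothetical operators map the
# same validation states to different actions: (accept?, local-pref).
POLICIES = {
    "drop-invalid":   {"valid": (True, 100), "not-found": (True, 100), "invalid": (False, None)},
    "depref-invalid": {"valid": (True, 200), "not-found": (True, 100), "invalid": (True, 50)},
}

def decide(route_prefix, origin_asn, policy):
    """Return (state, accept, local_pref) for one announcement under one policy."""
    state = validate(route_prefix, origin_asn)
    accept, local_pref = POLICIES[policy][state]
    return state, accept, local_pref

if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/25", 64500),
                     ("192.0.2.0/24", 64999), ("198.51.100.0/24", 64500)]:
        print(pfx, asn, decide(pfx, asn, "drop-invalid"), decide(pfx, asn, "depref-invalid"))
```

The more-specific 192.0.2.0/25 from the authorized AS is invalid because it exceeds the declared maximum length, which is the case that catches a sub-prefix announcement.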