Re: RPKI adoption (was: Re: 2749 routes AT RISK )

2022-04-05 Thread Livingood, Jason via NANOG
From: NANOG on behalf of John Curran

> Along these lines, I’d like to remind everyone of a fairly important 
> consultation that Andrew Hadenfeldt posted here last month

> (FCC) seeks comment on vulnerabilities threatening the security and integrity 
> of the Border Gateway Protocol (BGP)...
> Comments are due on or before April 11, 2022
> If you have particular views on this important consultation, please take the 
> time to file comments as appropriate.

+1 to this suggestion to file comments - IMO there is always value in comments 
from technical experts. If you have not done so before, this may help:

•   Comments are due: April 11, 2022 & Reply Comments are due: May 10, 2022
•   Can file earlier than these dates, but no later.
•   File comments in the FCC’s Electronic Comment Filing System (ECFS) at 
https://www.fcc.gov/ecfs/filings/standard in docket CG Docket No. 22-90 (in the 
“Proceeding(s)” box, type in “22-90” and click on the option that populates: 
“Secure Internet Routing”).
•   Fill in all other required information.  For “Type of Filing,” choose 
“Comment” or “Reply to Comments” (as applicable) from the drop-down menu.
•   Disregard the fields labeled File Number, Report Number, and Bureau ID 
Number.
•   Upload document as a PDF.
•   Check the box for “Email Confirmation” and then “Continue to review 
screen” where you will submit the comments into the record.

Jason



RPKI adoption (was: Re: 2749 routes AT RISK )

2022-04-04 Thread John Curran

On 4 Apr 2022, at 8:16 PM, John Gilmore <g...@toad.com> wrote:
> ...
> Also, centralizing control over route acceptance can be used for
> censorship.  If the RIRs succeed in convincing "enough of the net" to
> reject any route that doesn't come with an RIR signature, then any
> government with jurisdiction over those RIRs can force them to not sign
> routes for sites that are politically incorrect.  How convenient -- for
> authoritarians.  You can have all the IP addresses you want, you just
> can't get 90% of the ISPs in the world to route packets to them.
>
> There is no shortage of Horsemen of the Infopocalypse (child porn,
> terrorism, sex slavery, Covid misinformation, manipulative propaganda,
> war news, copyright violations, etc, etc, etc) that Absolutely Need To
> Be Stamped Out Today whenever politicians decide that Something Must Be
> Done.  As an example, we have regularly seen courts force centralized
> domain registrars to reject perfectly good applicants for just such
> reasons (e.g. SciHub).  The distributed Internet has "routed around"
> their ability to censor such information via the routing table.  ISPs
> should not hand governments a tool that they have abused so many times
> in the past.

There’s a pretty serious misunderstanding here – ARIN certainly offers RPKI 
services and we’ll help someone get ROAs set up for their resources, but that’s 
about as far as we go…

We do point folks to resources on how to perform route origin validation (ROV) 
so they can know the steps involved, but it truly is up to each network 
operator to decide whether they wish to take that step – which as you note 
comes with some real-world implications (both good & bad) as a result of new 
linkages with additional parties for your network routing…

Would the Internet be a better place if everyone did ROV?  I could easily argue 
some of the upsides such as potential mitigation of routing hijack attempts, 
but the centralization of control and corresponding risks do also need to be 
weighed here.   For example, while ARIN has done exceptionally well 
historically avoiding any government interference in the operation of the 
registry, that is obviously no assurance of future outcomes in this regard.  To 
this end, network operators need to consider the potential benefits and the 
potential risks applicable to their own circumstances, determine _their_ 
desired outcomes, and then shouldn’t hesitate to speak up with regard to how 
they want the Internet networking layer to evolve.

Along these lines, I’d like to remind everyone of a fairly important 
consultation that Andrew Hadenfeldt posted here last month –

https://www.federalregister.gov/documents/2022/03/11/2022-05121/secure-internet-routing
https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabilities

(FCC) seeks comment on vulnerabilities threatening the security and integrity of
the Border Gateway Protocol (BGP), which is central to the Internet's global
routing system, its impact on the transmission of data from email,
e-commerce, and bank transactions to interconnected Voice-over Internet
Protocol (VoIP) and 9-1-1 calls, and how best to address them.

Comments are due on or before April 11, 2022

If you have particular views on this important consultation, please take the 
time to file comments as appropriate.

Best wishes,
/John

John Curran
President and CEO
American Registry for Internet Numbers