I had a hard time figuring out where to “chain” this message, so I
stuck it here...

Let’s take a step back please.

What is the purpose of RPKI/SIDR? Is it to enforce allocation
policies? Or is it to prevent “bad guys” from spoofing routing
advertisements for the purpose of various forms of malfeasance?

I do believe these are separate problems.

If it is for enforcing allocation policies, it affects the balance of
power between the various actors. Today if there is a legal dispute
between an allocator and an organization with an allocation, it will
be solved through existing civil means. This may take some time. In
the meantime the status quo continues (from a technical/operational
perspective). With RPKI the allocator can revoke the organization’s
certificate, while the civil process takes its time, causing harm to
the organization that is now un-routable. Don’t think they won’t do
the revocation. I have personally seen situations where if one party
has “the switch” to enforce their will, they use it.

On the other hand if it is to prevent “bad guys” from spoofing
routing, then the trick is to design it so that it doesn’t affect the
balance of power between the various *legitimate* actors. Judging from
the conversations I have seen, I suspect we don’t have a system that
doesn’t affect the balance of power.

In my opinion, it is a good idea to work on not changing the balance
of power. That may require that the allocation agencies *not* be part
of the key hierarchy.

                        -Jeff

--
========================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
j...@mit.edu
========================================================================

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
