Speaking only, and strictly, as an individual.

I'm sorry Chris, I think this concern about having to 'avoid' LEA actions is 
FUD worthy. Regardless if it occurs at the peak of the hierarchy or any level 
underneath.

I'm quite sure from time to time LEAs WILL request some organisation at some 
level to "freeze" changes for a particular resource as was experienced in the 
DNSChanger event when ARIN and RIPE were 'ordered' (following proper process or 
not) by some LEA arrangements to stop any changes from occurring to some whois 
records. LEAs from my experience do not do these things on a whim. I would have 
said 5 years ago that the LEAs simply don't understand the internet, but recent 
experience suggests that they are learning rapidly. So I'm not so sure that, if 
a LEA takes some action involved in an ongoing criminal case, anything we 
attempt to put in play protocol wise to 'void' their intentions will actually 
help anyone's cause. Just as if a LEA were to issue a 'legal intercept' order 
(for those countries that have such) to your upstreams for your internet 
traffic, it's really unlikely that it is something you'll be able to avoid. And 
in the same breath as allowing some entity to 'avoid' a LEA action, it also 
provides "others" with a non-transparent tool (I'll 
let your imagination run wild with who "others" could be) to make stuff happen 
to your "secure" routing.

Further, in a situation when you have a trust anchor, and yes do note the word 
"trust", any event that occurs at those levels above you which violates your 
belief that some RPKI CA in question has acted, or been forced to act, in your 
best interests will simply degrade the trust afforded by both the certificate 
recipient as well as the relying parties. Again, I think LEAs are growing to 
understand this, at least the ones I have interacted with are. Ultimately that 
is why one would promote that the RPKI trust anchors are issued by 
good-for-the-internet-and-benevolent-fully-transparent organisations. Your 
mileage may vary, but if you don't hold the trust in a TA you were expecting as 
a relying party, then this is why the local TA idea exists, or the entire 
premise about being able to trust the entities responsible for resource 
allocation in the resource allocation hierarchy is flawed to begin with.

So for me, I would much prefer a scenario where any action that affects my ROAs 
in any way is completely transparent to me and to all relying parties which 
have the belief I am practicing secure origination, such that if some CA in the 
hierarchy above me issues a ROA that includes, covers, or overlaps my resource 
holding then I would really love to see my cert revoked, and listed in a CRL, 
as a standard course of action first and foremost.

Cheers
Terry

On 10/08/2012, at 4:25 AM, Christopher Morrow wrote:

> an interesting outgrowth of the grandparenting could be the ability to
> 'avoid' LEA actions at middle tiers of the address allocation
> hierarchy... that's something to consider, i'd say.
> 

_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
