Shane,
IMO, there is still one key difference.  ISPs are _directly_ involved in receiving such orders, 
evaluating them for validity, applicability and then carrying them out.  This can also include 
providing a heads-up to operations teams, in that SP, that a change in configuration to effect it 
was "purposeful", thus saving substantial time + OpEx not trying to track down a 
"general connectivity issue" that a customer calls in and reports to the SP.

OTOH, with the RPKI ... the actions carried out by, for example, an RIR will 
have to be without consultation of the ISP(s) with the directly attached 
customer, in the case of sealed orders.  How does the SP know that a 
certificate was revoked due to: a) a bug; b) lack of payment to their RIR; or, c) 
a lawful order?  And, more importantly, could/should/would ISPs act 
differently, in terms of routing on their networks in any of those cases?

As I mentioned in my message to Sharon last week, each resource holder can detect any action by any party that renders ROAs for the resource holder invalid. This sort of self-monitoring can be performed as a side effect of normal RPKI processing. The next step is for the affected party to notify other ISPs of the action, which, I suspect, can be done in a variety of ways. How ISPs choose to use this info is still a local decision, as it is today.

It's one thing for an operator to have direct influence/knowledge re: actions 
it takes on their own network, it's another matter entirely when third-parties 
have that control over your operations, particularly without any recourse.

I don't think the RPKI results in the change you suggest above. It is still up to each ISP to decide how to make use of the data acquired via the RPKI. The LTAM mechanism provides a specific way for an ISP to override most of the sorts of changes that have been described. For example, if a country elects to maintain RPKI data for ISPs that operate there (exclusively), the country could publish a constraints file in the LTAM-specified format, as a way of "protecting" the resources for these ISPs. Other ISPs, outside of the country, can elect to make use of this data if they worry that an LEO outside of the geopolitical jurisdiction tries to use the RPKI to whack resources within the country. In the end, it is still up to each ISP to decide how to make use of RPKI data.

Steve
_______________________________________________
sidr mailing list
sidr@ietf.org
https://www.ietf.org/mailman/listinfo/sidr
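
The self-monitoring described in the message above, sketched as an added example that is not part of the original thread: a resource holder compares the validated ROA payloads (VRPs) from two consecutive RPKI processing runs and reports which of its own announcements changed origin-validation state under RFC 6811. The function names, the `(prefix, maxLength, ASN)` tuple layout and all sample data are assumptions made for this illustration.

```python
import ipaddress

def validate(prefix, origin_asn, vrps):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix)
        # Only VRPs of the same address family that cover the route count.
        if net.version != vrp_net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        # AS0 never matches; the route must not be longer than maxLength.
        if asn == origin_asn and asn != 0 and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

def self_monitor(announcements, vrps_before, vrps_after):
    """List own announcements whose validation state changed between runs."""
    changes = []
    for prefix, asn in announcements:
        old = validate(prefix, asn, vrps_before)
        new = validate(prefix, asn, vrps_after)
        if old != new:
            changes.append((prefix, asn, old, new))
    return changes

# Constructed sample data (documentation prefixes and ASNs, not real routes).
OWN_ANNOUNCEMENTS = [("192.0.2.0/24", 64496),
                     ("198.51.100.0/24", 64496),
                     ("2001:db8::/32", 64496)]
VRPS_BEFORE = [("192.0.2.0/24", 24, 64496),
               ("198.51.100.0/24", 24, 64496),
               ("198.51.100.0/23", 23, 64497),   # covering ROA, other AS
               ("2001:db8::/32", 32, 64496)]
# Next run: two of the holder's ROAs no longer validate, whatever the cause.
VRPS_AFTER = [("198.51.100.0/23", 23, 64497),
              ("2001:db8::/32", 32, 64496)]

if __name__ == "__main__":
    for prefix, asn, old, new in self_monitor(
            OWN_ANNOUNCEMENTS, VRPS_BEFORE, VRPS_AFTER):
        print(f"{prefix} AS{asn}: {old} -> {new}")
```

A route that falls to "not-found" has lost its protection, while one that falls to "invalid" is still covered by another party's ROA and is the case other ISPs are most likely to drop.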