On Tue, Jan 9, 2018 at 11:22 AM, William Herrin <bill@herrin.us> wrote:
On Tue, Jan 9, 2018 at 1:07 AM, John R. Levine <johnl@iecc.com> wrote:
How about validating whether a given AS is an acceptable origin for a set
of prefixes?
That's a job for ordinary PKI. Any time you have a trusted central
in particular RPKI -> https://tools.ietf.org/html/rfc6810
authority to serve as an anchor, ordinary PKI works fine. The RIRs serve as anchors for who has the right to authorize which prefixes.
A harder task is validating whether your peer is part of a legitimate AS path to that origin. It's not obvious to me that blockchain could help solve that problem, but it's at least a problem that isn't solved by ordinary PKI.
this part of the problem is BGPsec -> https://tools.ietf.org/html/rfc8205
Now, if we wanted to replace the RIRs and allow people to self-assign IPv6 addresses out of ULA space which we'd then honor in the global BGP table, blockchain could have a role.
yes, here's a useful use for blockchains... allocation of random numbers, and logging of same in a globally available fashion.
-Bill
-- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>