On 28/04/2012 14:04, Alex Band wrote:
they do not trust, or have a specific local policy for. In the toolsets for using the RPKI data set for routing decisions, such as the RIPE NCC RPKI Validator, every possible step is taken is taken to ensure that the operator is in the driver's seat.
Leaving aside technical matters, this is one of the more contentious political issues with RPKI. RPKI is a tool which can be used to locally influence routing decisions, but allows centralised control of prefix authenticity. If this central point is influenced to invalidate a specific prefix, then that will cause serious reachability problems for that prefix on the Internet. It will be difficult for politicians / legislators / LEAs to look at a technology like this and not see its potential for implementing wide-area Internet blocking. For sure, the LEAs currently looking at it are extremely interested. Nick