On 4 Apr 2022, at 8:16 PM, John Gilmore <gnu@toad.com<mailto:gnu@toad.com>> wrote: ... Also, centralizing control over route acceptance can be used for censorship. If the RIRs succeed in convincing "enough of the net" to reject any route that doesn't come with an RIR signature, then any government with jurisdiction over those RIRs can force them to not sign routes for sites that are politically incorrect. How convenient -- for authoritarians. You can have all the IP addresses you want, you just can't get 90% of the ISPs in the world to route packets to them. There is no shortage of Horsemen of the Infopocalypse (child porn, terrorism, sex slavery, Covid misinformation, manipulative propaganda, war news, copyright violations, etc, etc, etc) that Absolutely Need To Be Stamped Out Today whenever politicians decide that Something Must Be Done. As an example, we have regularly seen courts force centralized domain registrars to reject perfectly good applicants for just such reasons (e.g. SciHub). The distributed Internet has "routed around" their ability to censor such information via the routing table. ISPs should not hand governments a tool that they have abused so many times in the past. There’s a pretty serious misunderstanding here – ARIN certainly offers RPKI services and we’ll help someone get ROAs setup for their resources, but that’s about as far as we go… We do point folks to resources on how to perform route origin validation (ROV) so they can know the steps involved, but it is truly is up to each network operator to decide whether they wish to take that step – which as you note comes with some real-world implications (both good & bad) as a result of new linkages with additional parties for your network routing… Would the Internet be a better place if everyone did ROV? I could easily argue some of the upsides such as potential mitigation of routing hijack attempts, but the centralization of control and corresponding risks do also need to be weighed here. For example, while ARIN has done exceptionally well historically avoiding any government interference in the operation of the registry, that is obviously no assurance of future outcomes in this regard. In this end, network operators need to consider the potential benefits and the potential risks applicable to their own circumstances, determine _their_ desired outcomes, and then shouldn’t hesitate to speak up with regard how they want the Internet networking layer to evolve. Along these lines, I’d like to remind everyone of a fairly important consultation that Andrew Hadenfeldt posted here last month <https://mailman.nanog.org/pipermail/nanog/2022-March/218365.html> – https://www.federalregister.gov/documents/2022/03/11/2022-05121/secure-inter... https://www.fcc.gov/document/fcc-launches-inquiry-internet-routing-vulnerabi... (FCC) seeks comment on vulnerabilities threatening the security and integrity of the Border Gateway Protocol (BGP), which is central to the Internet's global routing system, its impact on the transmission of data from email, e-commerce, and bank transactions to interconnected Voice-over Internet Protocol (VoIP) and 9-1-1 calls, and how best to address them. Comments are due on or before April 11, 2022 If you have particular views on this important consultation, please take the time to file comments as appropriate. Best wishes, /John John Curran President and CEO American Registry for Internet Numbers