Although I support Rpki as a technology, there are legitimate concerns that it could be abused. I now believe that Rpki needs work in this area at IETF level so the concerns are adressed. I imagine some form of secret sharing among different parties or sme form of key escrow. I am sure that it is not an easy problem, but maybe some progress can be made in this direction. Regards Carlos On Feb 1, 2011, at 7:33 PM, Michael Hallgren <m.hallgren@free.fr> wrote:
Le mardi 01 février 2011 à 12:14 -0500, Christopher Morrow a écrit :
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <millnert@gmail.com> wrote:
Here be dragons, <snip> It should be fairly obvious, by most recently what's going on in Egypt, why allowing a government to control the Internet is a Really Bad Idea.
how is the egypt thing related to rPKI? How is the propsed rPKI work related to gov't control?
architecturally/technologically *impossible* for a entity from country A to via-the-hierarchical-trust-model block a prefix assigned to some entity in country B, that is assigned by B's RIR and in full accordance with the RIR policies and in no breach of any contract.
countries do not have RIR's, countries have NIR's... regions have RIR's.
In this context, at least, perhaps the NIR should be considered superfluous or redundant? What is the operational rationale behind the NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
mh