On Tue, Jan 9, 2018 at 1:07 AM, John R. Levine <johnl@iecc.com> wrote:
How about validating whether a given AS is an acceptable origin for a set
of prefixes?
That's a job for ordinary PKI. Any time you have a trusted central authority to serve as an anchor, ordinary PKI works fine. The RIRs serve as anchors for who has the right to authorize which prefixes. A harder task is validating whether your peer is part of a legitimate AS path to that origin. It's not obvious to me that blockchain could help solve that problem, but it's at least a problem that isn't solved by ordinary PKI. Now, if we wanted to replace the RIRs and allow people to self-assign IPv6 addresses out of ULA space which we'd then honor in the global BGP table, blockchain could have a role. -Bill -- William Herrin ................ herrin@dirtside.com bill@herrin.us Dirtside Systems ......... Web: <http://www.dirtside.com/>