On Jan 30, 2011, at 5:57 AM, Carlos Martinez-Cagnazzo wrote:
What I just don't get is, if we as a society have created institutions we trust with our *money* (AKA banks), why there can't be institutions we trust with our crypto keys. I know that banks sometimes fail, and yes, probably "crypto banks" will sometimes fail as well, but on the whole, the failure rate of trusted institutions can be quite low, acceptably low.
Banks are not an all-or-nothing proposition. Only a fool trusts a single bank with all of his money. On the other hand, your private key, short of a complicated key escrow environment like the one employed by ICANN for the root key for DNSSEC, is an all-or-nothing proposition. Either you completely trust the other organization, or you don't. Further, when we trust banks with our money, we trust them to hold it, but we have separate verifiable documentation of how much they are holding for us and they are accountable to return the money to us upon demand. In the case of a private key, it's not money you hand over, it is your very identity in the digital universe. It would be akin to handing your passport to your banker and giving him the ability to replace your picture with his own and then use that passport in whatever manner he sees fit.
IMO the whole thing seems to boil down to the complex interaction of psychological, emotional and other aspects of how we perceive a certain situation. And it clearly depends on the region, just look at RIPE's column and how it grows relentlessly (I included only a few lines, full stats can be found in the URL posted by Arturo in an earlier post).
Yes, it is cultural and regional. Yes, it is partially a matter of psychology.
R2a. IPv4 Space Covered by ROAs (in units of /24s)

date       | lacnic | apnic | afrinic | arin    | ripe
2011-01-11 | 17     | 189   | 1       | 0       | 28902
2011-01-12 | 17     | 189   | 1       | 1867.03 | 32439
2011-01-13 | 17     | None  | 1       | 1867.03 | 32810
2011-01-14 | 17     | 181   | 1       | 1867.03 | 32819
2011-01-15 | 17     | 181   | 1       | 1867.03 | 32875
2011-01-16 | 17     | 181   | 1       | 1867.03 | 32875
2011-01-17 | 17     | 181   | 1       | 20      | 32903
2011-01-18 | 17     | 181   | 2       | None    | 33783
2011-01-19 | 17     | 177   | 2       | None    | 35271
Hats off to RIPE People!
We'll see. I have no doubt that if ARIN implemented RPKI the way RIPE has, we'd see similar numbers. However, that doesn't tell the whole story and there are differences in the legal framework under which RIPE operates vs. ARIN that also present unique challenges for ARIN doing things that way.

I'm not convinced that what RIPE is doing is completely in the community interest. I think holding that many organizations' private keys in trust in a single central repository is somewhat irresponsible and short-sighted. Yes, it creates a near-term benefit and accelerates deployment of RPKI. However, it also has risks which don't show up in your table.

Owen