In technical terms, RIRs can indeed configure IPs to become RPKI invalid.
Incorrect. If the RIR revokes the resource certificate used to sign the ROA, the ROA is also then revoked. Validator software will then remove the VRPs that had been created from that previously valid ROA. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND.
If the RIR refused to publish or deleted the ROA, validators will eventually delete them, which also removes the VRP previously created. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND.
On Wed, Nov 13, 2024 at 2:41 PM Brandon Z. <Brandon@huize.asia> wrote:
Hi William,
Under block chain, an RIR would not be able to revoke number resources, not even for non-payment or fraud.
Okay, this would lead to a permanent loss of resources, whereas cryptocurrency does not have this issue.
Also, please don't cross-post discussions to two lists. It's against the rules for NANOG and I presume it's against the rules for MANRS as well.
Noticed that; sorry for posting twice as well.
Best, Brandon Z.
HUIZE LTD | www.huize.asia <https://huize.asia/> | www.ixp.su
On Wed, 13 Nov 2024 at 12:16, William Herrin <bill@herrin.us> wrote:
On Wed, Nov 13, 2024 at 6:39 AM Brandon Z. <Brandon@huize.asia> wrote:
Another concept is to use blockchain technology. While cryptocurrencies use computational power to verify ownership, BGP could use peer count. If an IP resource is marked as valid by a majority of high-influence networks (with many peers), it could be trusted by the entire internet.
Hi Brandon,
That's not how blockchain works. Validation is time-bound and irrevocable. Only the current key-holder can transfer the validated material to another entity. Effecting such transfers requires minimal computation, on the order of a few HTTPS transfers.
Under block chain, an RIR would not be able to revoke number resources, not even for non-payment or fraud. And if the keys associated with an address block were lost or stolen, the address block would effectively be lost with them. The whole point of the block chain is that it is mathematically irrevocable. Period and full stop.
Bear in mind that the five RIRs are self-organized. There's not a whole lot to stop a sixth RIR from organizing if enough address holders (and their money) get together and agree they want one. Which would surely happen if a government attempted to cut off an entire country from address registration.
Also, please don't cross-post discussions to two lists. It's against the rules for NANOG and I presume it's against the rules for MANRS as well.
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/
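The validation outcomes discussed in the first reply of this thread, as an added example that is not part of any message: a minimal route origin validation in the style of RFC 6811, run over constructed ROAs before and after a ROA's signing certificate is revoked. It also covers the complementary case, where another covering VRP remains and the result is INVALID rather than NOTFOUND. The ROA names, helper names, documentation prefixes and AS numbers are all assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed sample data: ROA name -> list of VRPs (prefix, maxLength, origin AS).
ROAS = {
    "roa-customer":    [("192.0.2.0/24", 24, 64500)],
    "roa-aggregate":   [("2001:db8::/32", 32, 64501)],
    "roa-v6-customer": [("2001:db8:a::/48", 48, 64500)],
}

def vrps_from(roas, revoked=()):
    """Flatten ROAs to VRPs, dropping ROAs whose signing certificate was revoked."""
    return [vrp for name, entries in roas.items()
            if name not in revoked for vrp in entries]

def validate(prefix, origin_asn, vrps):
    """Return 'VALID', 'INVALID' or 'NOTFOUND' for one BGP announcement."""
    route = ip_network(prefix)
    covered = False
    for vrp_prefix, max_length, asn in vrps:
        vrp_net = ip_network(vrp_prefix)
        # A VRP covers the route if it is the same prefix or a less specific one.
        if route.version != vrp_net.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match needs the same origin AS and a length within maxLength.
        if asn == origin_asn and route.prefixlen <= max_length:
            return "VALID"
    # Covered but never matched -> INVALID; no covering VRP at all -> NOTFOUND.
    return "INVALID" if covered else "NOTFOUND"

if __name__ == "__main__":
    cases = [
        ("192.0.2.0/24", 64500, ()),                        # ROA present
        ("192.0.2.0/24", 64500, ("roa-customer",)),         # ROA revoked, nothing else covers
        ("2001:db8:a::/48", 64500, ()),                     # ROA present
        ("2001:db8:a::/48", 64500, ("roa-v6-customer",)),   # ROA revoked, aggregate still covers
    ]
    for prefix, asn, revoked in cases:
        state = validate(prefix, asn, vrps_from(ROAS, revoked))
        print(f"{prefix} AS{asn} revoked={list(revoked)} -> {state}")
```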