In technical terms, RIRs can indeed configure IPs to become RPKI invalid.

Incorrect. 

If the RIR revokes the resource certificate used to sign the ROA, the ROA is also then revoked. Validator software will then remove the VRPs that had been created from that previously valid ROA. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND. 

If the RIR refused to publish or deleted the ROA, validators will eventually delete it, which also removes the VRP previously created. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND.
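
The validator behaviour described in the reply above, as an added example that is not part of the original messages: a minimal RFC 6811 origin-validation check showing that discarding a ROA's VRPs moves a route from VALID to NOTFOUND, and that INVALID arises only when another covering VRP remains. The prefixes, AS numbers and `roa_id` labels are constructed sample values, and `drop_roa` is a hypothetical helper standing in for a validator removing a revoked or deleted ROA.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    prefix: str      # prefix authorised by the ROA
    max_length: int  # longest announcement length the ROA allows
    asn: int         # authorised origin AS
    roa_id: str      # hypothetical label for the ROA this VRP came from


def validate(vrps, route_prefix, origin_asn):
    """RFC 6811 origin validation: returns VALID, INVALID or NOTFOUND."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        net = ipaddress.ip_network(vrp.prefix)
        if net.version != route.version or not route.subnet_of(net):
            continue  # this VRP does not cover the announced prefix
        covered = True
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "VALID"
    # Covered but never matched is INVALID; no covering VRP at all is NOTFOUND.
    return "INVALID" if covered else "NOTFOUND"


def drop_roa(vrps, roa_id):
    """Model a validator discarding the VRPs of a revoked or deleted ROA."""
    return [v for v in vrps if v.roa_id != roa_id]


# Constructed sample data (documentation prefixes and AS numbers).
VRPS = [
    VRP("192.0.2.0/24", 24, 64496, "roa-a"),
    VRP("198.51.100.0/24", 24, 64496, "roa-b"),
    VRP("198.51.100.0/24", 24, 64511, "roa-c"),
]


def demo():
    before = validate(VRPS, "192.0.2.0/24", 64496)
    # roa-a was the only VRP covering 192.0.2.0/24: the route becomes NOTFOUND.
    after = validate(drop_roa(VRPS, "roa-a"), "192.0.2.0/24", 64496)
    # roa-c still covers 198.51.100.0/24 for a different AS: the route is INVALID.
    other = validate(drop_roa(VRPS, "roa-b"), "198.51.100.0/24", 64496)
    return before, after, other


if __name__ == "__main__":
    print(demo())
```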




On Wed, Nov 13, 2024 at 2:41 PM Brandon Z. <Brandon@huize.asia> wrote:
Hi William,

> Under block chain, an RIR would not be able to revoke number
> resources, not even for non-payment or fraud.

Okay, this would lead to a permanent loss of resources, whereas cryptocurrency does not have this issue.

> Also, please don't cross-post discussions to two lists. It's against
> the rules for NANOG and I presume it's against the rules for MANRS as
> well.

Noticed that; sorry for posting twice as well.

Best,
Brandon Z.
HUIZE LTD



On Wed, 13 Nov 2024 at 12:16, William Herrin <bill@herrin.us> wrote:
On Wed, Nov 13, 2024 at 6:39 AM Brandon Z. <Brandon@huize.asia> wrote:
> Another concept is to use blockchain technology. While cryptocurrencies
> use computational power to verify ownership, BGP could use peer count.
> If an IP resource is marked as valid by a majority of high-influence
> networks (with many peers), it could be trusted by the entire internet.

Hi Brandon,

That's not how blockchain works. Validation is time-bound and
irrevocable. Only the current key-holder can transfer the validated
material to another entity. Effecting such transfers requires minimal
computation, on the order of a few HTTPS transfers.

Under block chain, an RIR would not be able to revoke number
resources, not even for non-payment or fraud. And if the keys
associated with an address block were lost or stolen, the address
block would effectively be lost with them. The whole point of the
block chain is that it is mathematically irrevocable. Period and full
stop.

Bear in mind that the five RIRs are self-organized. There's not a
whole lot to stop a sixth RIR from organizing if enough address
holders (and their money) get together and agree they want one. Which
would surely happen if a government attempted to cut off an entire
country from address registration.

Also, please don't cross-post discussions to two lists. It's against
the rules for NANOG and I presume it's against the rules for MANRS as
well.

Regards,
Bill Herrin


--
William Herrin
bill@herrin.us
https://bill.herrin.us/