Job Snijders via NANOG <nanog@nanog.org> wrote:
our community also has to be cognizant about there being parts of the Internet which are not squatting on anyone's numbers *and* also are not contracted to a specific RIR.
Let's not undermine one of the few remaining widely distributed (with no center) technical achievements behind the Internet -- the decentralized routing system. I'm on the board of a large legacy allocation that is deliberately NOT an ARIN (or other RIR) member. And I have a small address block of my own, ditto. ARIN doesn't provide authenticated RPKI entries for just anybody. You have to pay them for that service. And in order to pay them, you have to sign their contract. And if you sign that contract, ARIN can take away your legacy allocation -- anytime they decide it would be in their best interest. Whereas, if you don't sign, the courts have held that you have a *property right* in your IP addresses and they *belong* to you. As a result, most legacy address holders (a large fraction of the Internet addresses) have declined to sign such contracts, pay such bills, and thus can't be in the ARIN authenticated routing registry. For years, ARIN has been deliberately limiting access to the RPKI registry as a lever to force people to sign one-sided contracts beneficial to ARIN. (They do the same lever thing when you sell an address block -- at ARIN, it loses its legacy status, requiring the recipient to pay annual rent to ARIN, and risk losing their block if political winds shift.) The pro-RPKI faction also seems to have completely ignored what I consider a major concern among anti-RPKI folks. The distributed Internet routing system is resilient to centralized failures, and should remain so. Inserting five points of failure (signatures of RIRs) would undermine that resilience. Also, centralizing control over route acceptance can be used for censorship. If the RIRs succeed in convincing "enough of the net" to reject any route that doesn't come with an RIR signature, then any government with jurisdiction over those RIRs can force them to not sign routes for sites that are politically incorrect. How convenient -- for authoritarians. You can have all the IP addresses you want, you just can't get 90% of the ISPs in the world to route packets to them. There is no shortage of Horsemen of the Infopocalypse (child porn, terrorism, sex slavery, Covid misinformation, manipulative propaganda, war news, copyright violations, etc, etc, etc) that Absolutely Need To Be Stamped Out Today whenever politicians decide that Something Must Be Done. As an example, we have regularly seen courts force centralized domain registrars to reject perfectly good applicants for just such reasons (e.g. SciHub). The distributed Internet has "routed around" their ability to censor such information via the routing table. ISPs should not hand governments a tool that they have abused so many times in the past. John