Possibly one use of a blockchain RPKI would be to restrict the RIR's ability to sign RPKIs to address ranges under their management. The blockchain would then be used for inter-RIR transfers, preventing RIRs from going rogue and interfering with each other's RPKIs (such as a court using it's power over RIRs in it's jurisdiction to censor address space under another RIR). Perhaps over time additional RIRs could be created or even end user orgs could withdraw their RPKIs from the legacy RIR system into the new RIRs or their own custody. -Rob On 2024-11-14 10:22, David Conrad via NANOG wrote:
Tom,
Something I’ve been curious about for some time: since deployment of RPKI is (mostly) hosted by the RIRs and ultimately, the RIRs control the validation chain, what would happen if the RIR creates (or, if you prefer, is directed by court order to create) INVALIDs?
Regards, -drc
On Nov 13, 2024, at 11:59 PM, Tom Beecher <beecher@beecher.cc> wrote:
In technical terms, RIRs can indeed configure IPs to become RPKI invalid.
Incorrect.
If the RIR revokes the resource certificate used to sign the ROA, the ROA is also then revoked. Validator software will then remove the VRPs that had been created from that previously valid ROA. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND.
If the RIR refused to publish or deleted the ROA, validators will eventually delete them, which also removes the VRP previously created. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND.