On Feb 1, 2011, at 3:43 PM, Arturo Servin wrote:
Is it really a better alternative? Do we want to pay the cost of a fully distributed RPKI architecture?
Or do we just abandon the idea of protecting the routing infrastructure?
There is no free-lunch, we just need to select the price that we want to pay.
I agree there is no free-lunch. Randy Bush addressed the problem, in a recent email, by contrasting his "security" personality against his mistrust of authority. (That's my summary, not his words.) And I think that's exactly what I'm struggling with. I want to secure the routing infrastructure, but I don't completely trust centralized regimes. At their best, they're a target for exploitation - at their worst, they're authoritarian. Randy was kind enough to point me toward http://tools.ietf.org/html/draft-ietf-sidr-ltamgmt-00 which I'm in the process of reading. Perhaps there is a way to balance between "fully distributed" and "centralized", e.g. by supporting multiple roots and different trust domains. Cheers, -Benson
On 1 Feb 2011, at 16:29, Benson Schliesser wrote:
On Feb 1, 2011, at 11:14 AM, Christopher Morrow wrote:
On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <millnert@gmail.com> wrote:
Here be dragons, <snip> It should be fairly obvious, by most recently what's going on in Egypt, why allowing a government to control the Internet is a Really Bad Idea.
how is the egypt thing related to rPKI? How is the propsed rPKI work related to gov't control?
In theory at least, entities closer to the RPKI root (RIRs, IANA) could invalidate routes for any sort of policy reasons. This might provide leverage to certain governments, perhaps even offering the ability to control routing beyond their jurisdiction.
As an example, it's imaginable that the US government could require IANA or ARIN to delegate authority to the NSA for a Canadian ISP's routes. Feel free to replace the RIR/LIR and country names, to suit your own example.
Cheers, -Benson