[136187] in North American Network Operators' Group
Re: A top-down RPKI model a threat to human freedom? (was Re: Level
daemon@ATHENA.MIT.EDU (Carlos M. Martinez)
Tue Feb 1 17:25:22 2011
In-Reply-To: <1296595999.16035.6.camel@home>
From: "Carlos M. Martinez" <carlosm3011@gmail.com>
Date: Tue, 1 Feb 2011 20:15:19 -0200
To: Michael Hallgren <m.hallgren@free.fr>
Cc: "carlos@lacnic.net" <carlos@lacnic.net>,
"nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Although I support Rpki as a technology, there are legitimate concerns that i=
t could be abused. I now believe that Rpki needs work in this area at IETF l=
evel so the concerns are adressed.
I imagine some form of secret sharing among different parties or sme form of=
key escrow. I am sure that it is not an easy problem, but maybe some progre=
ss can be made in this direction.
Regards
Carlos
On Feb 1, 2011, at 7:33 PM, Michael Hallgren <m.hallgren@free.fr> wrote:
> Le mardi 01 f=C3=A9vrier 2011 =C3=A0 12:14 -0500, Christopher Morrow a =C3=
=A9crit :=20
>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <millnert@gmail.com> wro=
te:
>>> Here be dragons,
>> <snip>
>>> It should be fairly obvious, by most recently what's going on in
>>> Egypt, why allowing a government to control the Internet is a Really
>>> Bad Idea.
>>>=20
>>=20
>> how is the egypt thing related to rPKI?
>> How is the propsed rPKI work related to gov't control?
>>=20
>>> architecturally/technologically *impossible* for a entity from country
>>> A to via-the-hierarchical-trust-model block a prefix assigned to some
>>> entity in country B, that is assigned by B's RIR and in full
>>> accordance with the RIR policies and in no breach of any contract.
>>=20
>> countries do not have RIR's, countries have NIR's... regions have RIR's.
>=20
> In this context, at least, perhaps the NIR should be considered
> superfluous or redundant? What is the operational rationale behind the
> NIR level? Wouldn't a flatter RIR-LIR structure do just fine?
>=20
> mh
>=20
>>=20
>=20
>=20
