[136223] in North American Network Operators' Group


Re: A top-down RPKI model a threat to human freedom? (was Re: Level

daemon@ATHENA.MIT.EDU (Martin Millnert)
Tue Feb 1 19:12:34 2011

In-Reply-To: <62092E89-6460-4240-B6F8-FDF9D161A018@ripe.net>
Date: Tue, 1 Feb 2011 19:10:34 -0500
From: Martin Millnert <millnert@gmail.com>
To: Alex Band <alexb@ripe.net>
Cc: carlos@lacnic.net, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Alex,

On Tue, Feb 1, 2011 at 4:57 PM, Alex Band <alexb@ripe.net> wrote:
> On 1 Feb 2011, at 22:20, Owen DeLong wrote:
>> RPKI is a big knob governments might be tempted to turn.
>
> Of course we looked into this, cause we're running our service from Amsterdam, the Netherlands. The possibilities for law enforcement agencies to take measures against the Resource Certification service run by the RIPE NCC are extremely limited. Under Dutch law, the process of certification, as well as resource certificates themselves, do not qualify as goods that are capable of being confiscated.
>
> Then of course, the decision making process always lies in the hands of the network operator. Only if a government would mandate an ISP to respect an invalid ROA and drop the route, it would be effective.
>
> So *both* these things would have to happen before there is an operational issue. Like you've seen in Egypt, pulling the plug is easier...
>
> YMMV on your side of the pond.
>
> Alex Band
> Product Manager, RIPE NCC

As others pointed out, and as we especially have seen the past 10 and
a half years, laws can easily change.

I too believe it is somewhat necessary to have 'control' over the IPv4
prefix distribution in order for the RIRs to continue being
Registries. I understand and share the RIRs concern regarding this.  I
also do believe we can expend at least two years (just to put a number
out there) more to make a system that is robust also against
censorship, that everybody can feel comfortable to trust. Operational
impact and cost, I believe, will be quite minor during this time.

In fact, I believe it is an investment that apart from being necessary
(IMO), will actually pay off, because only with a system that people
trust, will most network operators enable it by their free will, which
ought to be the goal for *everybody* involved.  (Lest the dystopian
future take hold, of course.)

Once a reliable system exists, I would be the first one to enable it
on my routers, and wouldn't shed a tear if illegitimately acquired or
traded routing information was lost at that time.

And to be extremely clear, nobody is suggesting that they do not trust
the people working at RIPE or any other RIR to do a good job here, but
at the same time, "we are all human".   We have, in my opinion, a very
big responsibility towards future generations in (re-)designing the
Internet in a way that continues to keep it open and robust towards
failures of various sorts.  Even that of a single RIR.

Regards,
Martin

