Hi Sander, On Tue, May 31, 2011 at 11:16 AM, Sander Steffann <sander@steffann.nl> wrote:
I don't think this is the place for discussions about possible future law changes. *anything* can be changed in the law, and the usual way to influence that is through voting. We deal with the current situation, and if the landscape changes we can always start a new policy proposal.
One guy makes some gunpowder. Another a shell casing. A third puts some of the former in the latter. A fourth makes a chamber. A fifth makes a coil. .... Eventually there's a gun. For good or bad. We're kind of saying, let's not make the shell casing if it is likely that the gun will be used for more bad than good.
You seem to be concerned that governments can force ISPs to use RIPE NCC issued ROAs for this, and then force the RIPE NCC to revoke/reissue ROAs. Why would governments take this legally difficult path and not just force ISPs to use government-supplied data as input for their routers?
Governments tend to be good at legal work and not so much routing infrastructure (though they're trying in Iran). If they have one interfacing point, the RIPE NCC, which they and LEAs are already familiar with, why not use it? If ISPs as a result of their use of RIPE NCC to protect citizens from harmful ideas and information decide to not use the RIPE NCC trust anchor, they tend to remedy that with laws. In my view, the risks are certainly not solely with the RIPE NCC certifying resources according to IETF and SIDR-compatible ways, but it's a key piece.
The more I think about it the more I feel that governments have *many* easier ways to influence routing than the ways you are worried about...
Assuming there is a ripencc.LEAandGovAPI.makePrefixGoAway(prefix) API, do you still think there are easier ways for one EU member state to make a route go away in a vast area? That seems pretty easy to me. Best, Martin