On 4 May 2011, at 17:24, Brian Nisbet wrote:
You seem to be imagining a scenario where a national governement would just ring up the NCC and say, "revoke these certs." I have seen no evidence to suggest this risk is anything close to real.
I suppose this depends on the definition of "real" and "evidence" Brian.
If the NCC gets told to revoke a cert -- eg via a Dutch court order or equivalent -- it will have to do that. It would be sensible to assume that well-funded and/or litigious organisations might well be minded to pursue that avenue if they think getting a cert revoked will either disrupt or shut down some activities they dislike. Or bury their opponents in legal costs before it gets to the point where a court order gets issued. Certificates for routing will provide another vector for these sorts of layer-9 and up attacks. IMO it's foolish to assume or pretend otherwise. The question is whether there is some other way of ensuring routing consistency ... But given the current track record of many countries' legislative and legal developments, e.g. "hostage-taking" of domains in
On 05.05.2011 09:45, Jim Reid wrote: the US, internet filters in many European countries, etc., I must concur that the threat to the Internet once RPKI is introduced will be very real ... so, what alternatives can we come up with from a technical standpoint that is not prone to government or legal pressure? -garry