Brian, On Wed, May 4, 2011 at 12:24 PM, Brian Nisbet <brian.nisbet@heanet.ie> wrote:
On 04/05/2011 16:57, Sascha Luck wrote:
On Wed, May 04, 2011 at 05:50:06PM +0200, Erik Bais wrote:
It's not that RIPE NCC is owned by a government or that ROA's or certificates are something that the Dutch government could seize or that an evil government would/could do so (under Dutch law), in order to shutdown the internet or an ISP.. There are far better (more effective) ways of doing so, if you remember what happened in Egypt / Libya etc.. Power down datacenter (y/n) ...
The egyptian ex-government had to ring each SP and tell them to pull their advertisements. At least one of whom (for a while) appears to have told them to go shite.
Having a central authority (especially one that's beholden to 20+ governments via the EU) makes that *much* easier.
I really don't think it does. You seem to be imagining a scenario where a national governement would just ring up the NCC and say, "revoke these certs." I have seen no evidence to suggest this risk is anything close to real. I suspect that a for profit global megacorp running such a certification system would be far more vulnerable to such measures, but even then, I don't see this as a large risk.
It's not about "not seeing a risk" as much as it is about _making sure_, in the very design of the system, that it is *not possible* to abuse. Or at the very least extremely hard (global conspiracy kind of hard), to abuse. That would lend a bit more credit to the system. That would mean, of course, that no revocation of any certificate from any single central authority can affect routing on multiple networks. (This list goes on.) The success of deployment RPKI&siblings is inversely proportional to the amount of abuse it makes possible -- I very much would like a much, much different balance than the proposals as they are. As David suggests, much if not all of this can already be achieved using RPSL - save BGP integration... Kind Regards, Martin