Alex,
On May 9, 2011, at 11:57 AM, Alex Band wrote:
Even with 100% adoption today, every network operator still has a *choice*.
I remember similar arguments being made about DNSSEC in the context of the NTIA/ICANN/VeriSign signing of the root: resolver operators always have the option of not using the trust anchor published by IANA. This argument generally isn't very realistic.
But if I look at this from an RIR perspective, it would of course never be in their interest to do so or play a part in that process.
Of course. However, realistically, it would be in the RIRs' (or at least their staff's) interests to abide by lawful requests of law enforcement in the venues in which they are incorporated. Folks at the RIRs might not be happy about it, but you will play a part in that process or get fined/go to jail.
Our goal is to provide an infrastructure and make sure only the registered holder of an Internet resource can create a valid attestation.
If this was the extent of what was possible, I doubt anyone would have significant worries. I believe the concern is more that once that infrastructure is built, it will be used for additional, less desirable purposes.
Now that we've finally launched this as a usable, tangible service, this discussion erupts. I'll leave it up to you to draw a conclusion from that.
That people don't deal with stuff until they're forced to?
With RPKI, the only thing the RIR locks down is that only the registered holder of an Internet resource can create a valid Route Origin Authorisation.
Having a bit of (excruciatingly painful) personal experience at the other end of this in a past life, why were (are?) the RIRs so reticent about being under the IANA in the RPKI hierarchy? Would not the same arguments apply to RIPE from the LIR's perspective?
Yes, this is hierarchical in nature, but there is really no other way to make sure only the *legitimate holder* can make a *valid* attestation.
I would agree that a hierarchical trust model is the simplest and easiest implemented. I'm unclear as to whether no other models exist. However, more concretely, I question whether, regardless of whether other trust models exist, it is politically feasible to impose the hierarchical allocation model onto the more peer-to-peer relationships found in the routing system. Personally, I've always been a bit skeptical of the idea that (even theoretically) an RIR could impose a direct and immediate impact on the routability of operational networks relating to sovereign interest (e.g., UK MoD networks), even if that impact would be merely to de-pref their routes in the routers of cooperating ISPs.
This information is validatable by anyone on the Internet using public, open source tools from various parties. In this respect, RPKI makes the routing decision making process more robust.
Yes. There is no doubt (at least in my mind) that RPKI could provide benefits. I think what some are saying is that this comes at a risk/cost and some are not confident either that the risk/cost is justified or that there might not be other ways of gaining similar benefit without that risk/cost.
Regards,
-drc