On Tue, May 3, 2011 at 1:47 PM, Immo 'FaUl' Wehrenberg <immo.ripe@be.free.de> wrote:
Martin wrote:
In order to respond to [2] here (and following a short discussion I had with Geoff after his talk yesterday): as the resources are given out by IANA and the RIRs and the LIRs, so introducing a hierarchical approach that shadows the real assigning is a logical and the only useful approach IMO.
Here I'd like to raise a minor, quite theoretical, objection. The primary purpose of IANA, RIRs and LIRs, when it comes to IPv4/v6 and AS numbers, is to organize resources globally so that there are no collisions (uniqueness). With IPv4 and to some extent AS numbers, there's an additional point of rationing them out, but that is mainly a side-effect of them being varying degrees of finite resources. IPv6 however, while not infinite, is certainly sufficient for every person on the planet. And so it is conceivable that another, distributed, system for uniqueness verification could exist. Whether or not any change like what I'm describing has any chance to fly or not, is a slightly different question. That, and what routing it would require.
While I agree with you at some point, I don't think we get any further when starting to discuss at this level here.
In general, both approaches work poorly to say the least and giving away the power to some "trusted third parties" gets us the mess we have today with traditional SSL certificates (where we have a system that is seriously broken beyond all repair). However, I'd like to take Randy's point from his talk that the validity of certificates should be long, but would even say that they should not be only two to five years, but instead at least 20 years and no possible revocation in order to protect the RIRs from being smashed by political pressure. The really-long-term validity is appealing, but nevertheless falls short from personal preference since I don't see the actual need for RPKI to begin with.
Immo,
Well, we had that YouTube incident and there were a few more, so there are people demanding it.
I am well aware that there is a demand by powerful forces for RPKI or something similar. I do not think the YouTube incident and a handful of others motivate such a drastic system. As you argued, the point of RPKI is to see it spread and implemented, else it is pointless. We agree here.
I don't think that denying that fact and just walking away would get us any further here again.
I welcome research and debate of this and alternative solutions to achieve the goal of avoiding the YouTube incident or making its impact less hurtful.
On the contrary, if people seriously start to demand it and we are going to say "well, we will not do something here" then they will start doing that in some other forum, which I would presume is much worse as we here can discuss and raise our concerns.
Hopefully, the respective WGs at RIPE will remain in charge of the PDP process of their respective areas? I partly understand what you mean and partly don't. So far, I've seen one voice in favor of the proposal in this thread and several against. FWIW, I do not accept the argument "If we don't give up now they'll win somewhere else", it's completely mad IMHO. It would be quite appropriate that the general public became more aware of keeping an open internet anyway.
Kind Regards,
Martin