> Imagine if the RIR of a region were forced to revoke all IP resources of a
> particular country from RPKI, effectively isolating that country from the
> global internet.

Any of the RIRs being forced to revoke ROAs would be a pretty significant event. However your statement here is false. Assuming all of those ROAs disappear or are force-expired, RPKI validation would return NotFound. Exactly the same as any announcement that never had a ROA to begin with. Nobody on the internet is dropping NotFound, and likely won't in most of our lifetimes.

> Another concept is to use blockchain technology.

1. No
2. See #1

On Wed, Nov 13, 2024 at 9:42 AM Brandon Z. <bran...@huize.asia> wrote:

> Hi there,
>
> Currently, due to political factors, some countries are not particularly
> proactive in deploying RPKI. Imagine if the RIR of a region were forced to
> revoke all IP resources of a particular country from RPKI, effectively
> isolating that country from the global internet.
>
> To address this, one approach is for autonomous networks within a region
> to establish two trusted RPKI CA servers: one from the major RIRs and
> another locally managed. The locally managed CA would take precedence,
> allowing autonomous networks to submit their IP resources to the RPKI
> server of their peers (and potentially backed by a national mandate to
> trust this CA). This setup could prevent a scenario where an entire
> country’s IP resources are revoked, leading to all IPs being marked as
> invalid.
>
> Another concept is to use blockchain technology. While cryptocurrencies
> use computational power to verify ownership, BGP could use peer count. If
> an IP resource is marked as valid by a majority of high-influence networks
> (with many peers), it could be trusted by the entire internet.
>
> Could this approach work? Perhaps there’s existing research on similar
> methods?
>
> *Brandon Z.*
> HUIZE LTD
> www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter
>
> This e-mail and any attachments or any reproduction of this e-mail in
> whatever manner are confidential and for the use of the addressee(s) only.
> HUIZE LTD can’t take any liability and guarantee of the text of the email
> message and virus.
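
The NotFound outcome described in the reply above, as an added example that is not part of the original thread: a minimal route origin validation following RFC 6811, run over constructed VRPs (documentation prefixes and ASNs; `validate` and `withdraw` are hypothetical names). It shows that withdrawing an origin's ROAs moves its routes to NotFound, while Invalid requires a covering ROA that does not match.

```python
from ipaddress import ip_network

# Constructed sample VRPs: (ROA prefix, maxLength, origin ASN).
# Documentation prefixes and documentation ASNs only.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
    ("203.0.113.0/24", 24, 64502),
]


def validate(prefix, origin_asn, vrps):
    """Return the RFC 6811 validation state of (prefix, origin_asn)."""
    route = ip_network(prefix)
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp = ip_network(vrp_prefix)
        # A VRP "covers" the route if the route is equal to or more
        # specific than the VRP prefix (same address family).
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        # A covering VRP "matches" if the origin agrees and the route is
        # not longer than maxLength. AS 0 never matches any route.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_len:
            return "Valid"
    # Invalid needs at least one covering VRP; with none, it is NotFound.
    return "Invalid" if covered else "NotFound"


def withdraw(vrps, asn):
    """Model the ROAs of one origin being revoked or expiring."""
    return [v for v in vrps if v[2] != asn]


if __name__ == "__main__":
    remaining = withdraw(VRPS, 64500)
    for label, table in (("before", VRPS), ("after withdrawal", remaining)):
        for origin in (64500, 64510):
            state = validate("192.0.2.0/24", origin, table)
            print(f"{label:17} 192.0.2.0/24 AS{origin}: {state}")
```
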