> > In technical terms, RIRs can indeed configure IPs to become RPKI invalid.
Incorrect. If the RIR revokes the resource certificate used to sign the ROA, the ROA is also then revoked. Validator software will then remove the VRPs that had been created from that previously valid ROA. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND. If the RIR refused to publish or deleted the ROA, validators will eventually delete them, which also removes the VRP previously created. If there are no other VRPs that cover the BGP message parameters, the validator will return NOTFOUND. On Wed, Nov 13, 2024 at 2:41 PM Brandon Z. <bran...@huize.asia> wrote: > Hi William, > > > Under block chain, an RIR would not be able to revoke number > > resources, not even for non-payment or fraud. > > Okay, this would lead to a permanent loss of resources, whereas > cryptocurrency does not have this issue. > > > Also, please don't cross-post discussions to two lists. It's against > the rules for NANOG and I presume it's against the rules for MANRS as > well. > > Noticed that; sorry for posting twice as well. > > Best, > *Brandon Z.* > HUIZE LTD > www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter > > This e-mail and any attachments or any reproduction of this e-mail in > whatever manner are confidential and for the use of the addressee(s) only. > HUIZE LTD can’t take any liability and guarantee of the text of the email > message and virus. > > > On Wed, 13 Nov 2024 at 12:16, William Herrin <b...@herrin.us> wrote: > >> On Wed, Nov 13, 2024 at 6:39 AM Brandon Z. <bran...@huize.asia> wrote: >> > Another concept is to use blockchain technology. While cryptocurrencies >> > use computational power to verify ownership, BGP could use peer count. >> > If an IP resource is marked as valid by a majority of high-influence >> > networks (with many peers), it could be trusted by the entire internet. >> >> Hi Brandon, >> >> That's not how blockchain works. Validation is time-bound and >> irrevocable. Only the current key-holder can transfer the validated >> material to another entity. Effecting such transfers requires minimal >> computation, on the order of a few HTTPS transfers. >> >> Under block chain, an RIR would not be able to revoke number >> resources, not even for non-payment or fraud. And if the keys >> associated with an address block were lost or stolen, the address >> block would effectively be lost with them. The whole point of the >> block chain is that it is mathematically irrevocable. Period and full >> stop. >> >> Bear in mind that the five RIRs are self-organized. There's not a >> whole lot to stop a sixth RIR from organizing if enough address >> holders (and their money) get together and agree they want one. Which >> would surely happen if a government attempted to cut off an entire >> country from address registration. >> >> Also, please don't cross-post discussions to two lists. It's against >> the rules for NANOG and I presume it's against the rules for MANRS as >> well. >> >> Regards, >> Bill Herrin >> >> >> -- >> William Herrin >> b...@herrin.us >> https://bill.herrin.us/ >> >
