Possibly one use of a blockchain RPKI would be to restrict the RIR's
ability to sign RPKIs to address ranges under their management. The
blockchain would then be used for inter-RIR transfers, preventing RIRs
from going rogue and interfering with each other's RPKIs (such as a
court using its power over RIRs in its jurisdiction to censor address
space under another RIR). Perhaps over time additional RIRs could be
created or even end user orgs could withdraw their RPKIs from the legacy
RIR system into the new RIRs or their own custody.
-Rob
On 2024-11-14 10:22, David Conrad via NANOG wrote:
Tom,
Something I’ve been curious about for some time: since deployment of
RPKI is (mostly) hosted by the RIRs and ultimately, the RIRs control
the validation chain, what would happen if the RIR creates (or, if you
prefer, is directed by court order to create) INVALIDs?
Regards,
-drc
On Nov 13, 2024, at 11:59 PM, Tom Beecher <beec...@beecher.cc>
wrote:
In technical terms, RIRs can indeed configure IPs to become RPKI
invalid.
Incorrect.
If the RIR revokes the resource certificate used to sign the ROA,
the ROA is also then revoked. Validator software will then remove
the VRPs that had been created from that previously valid ROA. If
there are no other VRPs that cover the BGP message parameters, the
validator will return NOTFOUND.
If the RIR refused to publish or deleted the ROA, validators will
eventually delete them, which also removes the VRP previously
created. If there are no other VRPs that cover the BGP message
parameters, the validator will return NOTFOUND.
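The validator behaviour described above (revoked or deleted ROA removes its VRPs, and a route with no covering VRP becomes NOTFOUND rather than INVALID) can be walked through with a small RFC 6811 origin-validation model. This is an added example, not code from any post in this thread; the prefixes and ASNs are constructed and the `revoke_roa` helper is a hypothetical stand-in for what a validator does after a certificate revocation or a withdrawn ROA.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class VRP:
    """Validated ROA Payload: (prefix, maxLength, origin ASN), as in RFC 6811."""
    prefix: str
    max_length: int
    asn: int

def covering_vrps(vrps, route_prefix):
    """Return VRPs whose prefix covers the announced prefix (supernet or equal)."""
    route = ipaddress.ip_network(route_prefix)
    return [v for v in vrps
            if ipaddress.ip_network(v.prefix).version == route.version
            and route.subnet_of(ipaddress.ip_network(v.prefix))]

def rov_state(vrps, route_prefix, origin_asn):
    """RFC 6811 route origin validation outcome: VALID, INVALID or NOTFOUND."""
    route = ipaddress.ip_network(route_prefix)
    covering = covering_vrps(vrps, route_prefix)
    if not covering:
        return "NOTFOUND"          # no VRP covers the route at all
    for v in covering:
        if v.asn == origin_asn and route.prefixlen <= v.max_length:
            return "VALID"         # a covering VRP matches origin AS and maxLength
    return "INVALID"               # covered, but no VRP matches

def revoke_roa(vrps, roa_vrps):
    """Hypothetical helper: the RIR revokes the cert or deletes the ROA,
    so validators drop the VRPs that ROA had produced."""
    return [v for v in vrps if v not in set(roa_vrps)]

# Constructed data (documentation prefixes and private ASNs, not real allocations).
ROA_A = [VRP("203.0.113.0/24", 24, 64500)]   # ROA for 203.0.113.0/24, origin AS64500
ROA_B = [VRP("203.0.113.0/24", 25, 64501)]   # second ROA for same prefix, AS64501, maxlen 25
VRPS = ROA_A + ROA_B

def demo():
    """Show how revoking ROAs moves a route from VALID to INVALID to NOTFOUND."""
    before = rov_state(VRPS, "203.0.113.0/24", 64500)        # VALID via ROA_A
    rogue = rov_state(VRPS, "203.0.113.0/24", 64499)         # INVALID: covered, no match
    too_long = rov_state(VRPS, "203.0.113.128/26", 64501)    # INVALID: /26 exceeds maxlen 25
    after_a = revoke_roa(VRPS, ROA_A)
    still = rov_state(after_a, "203.0.113.0/24", 64500)      # INVALID: ROA_B still covers it
    after_both = revoke_roa(after_a, ROA_B)
    gone = rov_state(after_both, "203.0.113.0/24", 64500)    # NOTFOUND: nothing covers it
    return before, rogue, too_long, still, gone
```

The last two steps are the point of the thread: as long as some other VRP covers the prefix, pulling one ROA yields INVALID, but once no VRP covers it the validator returns NOTFOUND, not INVALID.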