Is it really a better alternative? Do we want to pay the cost of a
fully distributed RPKI architecture?
Or do we just abandon the idea of protecting the routing infrastructure?
There is no free-lunch, we just need to select the price that we want
to pay.
-as
On 1 Feb 2011, at 16:29, Benson Schliesser wrote:
>
> On Feb 1, 2011, at 11:14 AM, Christopher Morrow wrote:
>
>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <milln...@gmail.com> wrote:
>>> Here be dragons,
>> <snip>
>>> It should be fairly obvious, by most recently what's going on in
>>> Egypt, why allowing a government to control the Internet is a Really
>>> Bad Idea.
>>>
>>
>> how is the egypt thing related to rPKI?
>> How is the propsed rPKI work related to gov't control?
>
> In theory at least, entities closer to the RPKI root (RIRs, IANA) could
> invalidate routes for any sort of policy reasons. This might provide
> leverage to certain governments, perhaps even offering the ability to control
> routing beyond their jurisdiction.
>
> As an example, it's imaginable that the US government could require IANA or
> ARIN to delegate authority to the NSA for a Canadian ISP's routes. Feel free
> to replace the RIR/LIR and country names, to suit your own example.
>
> Cheers,
> -Benson
>
>
