On 28/04/2012 14:04, Alex Band wrote: > they do not trust, or have a specific local policy for. In the toolsets > for using the RPKI data set for routing decisions, such as the RIPE NCC > RPKI Validator, every possible step is taken is taken to ensure that the > operator is in the driver's seat.
Leaving aside technical matters, this is one of the more contentious political issues with RPKI. RPKI is a tool which can be used to locally influence routing decisions, but allows centralised control of prefix authenticity. If this central point is influenced to invalidate a specific prefix, then that will cause serious reachability problems for that prefix on the Internet. It will be difficult for politicians / legislators / LEAs to look at a technology like this and not see its potential for implementing wide-area Internet blocking. For sure, the LEAs currently looking at it are extremely interested. Nick
