On Tue, Jan 9, 2018 at 11:22 AM, William Herrin <b...@herrin.us> wrote:
> On Tue, Jan 9, 2018 at 1:07 AM, John R. Levine <jo...@iecc.com> wrote: > > > How about validating whether a given AS is an acceptable origin for a set > >> of prefixes? > > > > > That's a job for ordinary PKI. Any time you have a trusted central > in particular RPKI -> https://tools.ietf.org/html/rfc6810 > authority to serve as an anchor, ordinary PKI works fine. The RIRs serve as > anchors for who has the right to authorize which prefixes. > > A harder task is validating whether your peer is part of a legitimate AS > path to that origin. It's not obvious to me that blockchain could help > solve that problem, but it's at least a problem that isn't solved by > ordinary PKI. > > this part of the problem is BGPsec -> https://tools.ietf.org/html/rfc8205 > > Now, if we wanted to replace the RIRs and allow people to self-assign IPv6 > addresses out of ULA space which we'd then honor in the global BGP table, > blockchain could have a role. > > yes, here's a useful use for blockchains... allocation of random numbers, and logging of same in a globally available fashion. > -Bill > > > -- > William Herrin ................ her...@dirtside.com b...@herrin.us > Dirtside Systems ......... Web: <http://www.dirtside.com/> >