Re: Implementing Decentralized RPKI with Blockchain Technology

On Thu, Nov 14, 2024 at 2:44 PM Tom Beecher wrote: > Yes, you're correct on that point. > > Fundamentally though, if an RIR actually did that, it's effectively the end > of RPKI, and seismic damage to the internet at large. We're talking about what an RIR can do if ordered by a court with jurisd

Re: Implementing Decentralized RPKI with Blockchain Technology

William- Yes, you're correct on that point. Fundamentally though, if an RIR actually did that, it's effectively the end of RPKI, and seismic damage to the internet at large. The entire foundation of this system is that everything must trust that the RIRs are the source of truth over what IPs are

Re: Implementing Decentralized RPKI with Blockchain Technology

Yeah ,that's what I meant. They can remove the certificate for the resource holder and sign a new certificate for these resources and set ROA for as0 only. Technically speaking. *Brandon Z.* HUIZE LTD www.huize.asia | www.ixp.su | Twitter This e-mail and any attachments or a

Re: Implementing Decentralized RPKI with Blockchain Technology

On Thu, Nov 14, 2024 at 9:03 AM Tom Beecher wrote: > As explained earlier, RIRs cannot "create" INVALIDs. Hi Tom, Wouldn't they just withdraw the delegation and issue an AS0 ROA covering the address block? Does that not cause the associated route advertisements to become RPKI invalid? Regards,

Re: Implementing Decentralized RPKI with Blockchain Technology

> > In all the rush to deploy RPKI I fear these issues are not talked > about enough. The first RPKI deployments started happening in the early 2010s, after many many years of being talked about. I'm sure you didn't mean it, but it's pretty insulting to the people who have spent countless hours

Re: Implementing Decentralized RPKI with Blockchain Technology

> > Something I’ve been curious about for some time: since deployment of RPKI > is (mostly) hosted by the RIRs and ultimately, the RIRs control the > validation chain, what would happen if the RIR creates (or, if you prefer, > is directed by court order to create) INVALIDs? As explained earlier,

Re: Implementing Decentralized RPKI with Blockchain Technology

On Wed, Nov 13, 2024 at 7:02 PM Matt Corallo wrote: > > > > On 11/13/24 9:39 AM, Brandon Z. wrote: > > Hi there, > > > > Currently, due to political factors, some countries are not particularly > > proactive in deploying > > RPKI. Imagine if the RIR of a region were forced to revoke all IP resour

Re: Implementing Decentralized RPKI with Blockchain Technology

Possibly one use of a blockchain RPKI would be to restrict the RIR's ability to sign RPKIs to address ranges under their management. The blockchain would then be used for inter-RIR transfers, preventing RIRs from going rogue and interfering with each other's RPKIs (such as a court using it's po

Re: Implementing Decentralized RPKI with Blockchain Technology

Tom, Something I’ve been curious about for some time: since deployment of RPKI is (mostly) hosted by the RIRs and ultimately, the RIRs control the validation chain, what would happen if the RIR creates (or, if you prefer, is directed by court order to create) INVALIDs? Regards, -drc > On Nov