[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

On 1 Feb 2011, at 22:20, Owen DeLong wrote:

> On Feb 1, 2011, at 9:14 AM, Christopher Morrow wrote:
>> On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert <millnert at gmail.com> wrote:
>>> Here be dragons,
>> <snip>
>>> It should be fairly obvious, by most recently what's going on in
>>> Egypt, why allowing a government to control the Internet is a Really
>>> Bad Idea.
>> how is the egypt thing related to rPKI?
>> How is the propsed rPKI work related to gov't control?
> RPKI is a big knob governments might be tempted to turn.

Of course we looked into this, cause we're running our service from Amsterdam, the Netherlands. The possibilities for law enforcement agencies to take measures against the Resource Certification service run by the RIPE NCC are extremely limited. Under Dutch law, the process of certification, as well as resource certificates themselves, do not qualify as goods that are capable of being confiscated.

Then of course, the decision making process always lies in the hands of the network operator. Only if a government would mandate an ISP to respect an invalid ROA and drop the route, it would be effective. 

So *both* these things would have to happen before there is an operational issue. Like you've seen in Egypt, pulling the plug is easier...

YMMV on your side of the pond.

Alex Band
Product Manager, RIPE NCC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1728 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20110201/c3a56e7e/attachment.bin>