[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)



So a possible road to ruin I was thinking of when I mentioned my unease
is, to state the obvious, -

Some large ISPs do RPKI as it's secure and their government contract
says they have to be secure, keep the terrists out, so all directly
attached ISP have to do it too kicking off a domino

Other large customers will see the government lead and choose the same
to meet the corporate governance rules so smaller ISP they use start to
fall in line.

It'll escalate like the MD5 frenzy, goes global and at some point
hits critical mass where some ISP decide the unsigned routes are a risk
and they can afford to drop them, like some do with deaggregates now.
You get to the state of either you sign or your upstream signs (like L3
IRR proxy entries just a bit harder) or you don't exist.

Some other event, like with UK anti CP filters, will
happen where it becomes a legal requirement to let someone fiddle
and make a kill switch to be used in certain circumstances.

Later it gets used in unintended circumstances

Our trade of control for security has given us neither.

Of course more likely the key renewal will get spam filtered and I'll
not notice until we fall off the net, or we forget to pay the RIR
invoice on time and get cut off, causing a long outage that I can't fix
as quickly as rolling back a router config change.

I also wonder about emergency use, post a katrina have we made
something that's too hard to bootstrap quickly.

Drive slow.

brandon