nanog mailing list archives

Re: Implementing Decentralized RPKI with Blockchain Technology


From: Tom Beecher <beecher () beecher cc>
Date: Wed, 13 Nov 2024 10:10:55 -0500


> Imagine if the RIR of a region were forced to revoke all IP resources of a
> particular country from RPKI, effectively isolating that country from the
> global internet.


Any of the RIRs being forced to revoke ROAs would be a pretty significant
event. However, your statement here is false.

Assuming all of those ROAs disappear or are force-expired, RPKI validation
would return NotFound. Exactly the same as any announcement that never had
a ROA to begin with. Nobody on the internet is dropping NotFound, and
likely won't in most of our lifetimes.



> Another concept is to use blockchain technology.


1. No
2. See #1


On Wed, Nov 13, 2024 at 9:42 AM Brandon Z. <Brandon () huize asia> wrote:

Hi there,

Currently, due to political factors, some countries are not particularly
proactive in deploying RPKI. Imagine if the RIR of a region were forced to
revoke all IP resources of a particular country from RPKI, effectively
isolating that country from the global internet.

To address this, one approach is for autonomous networks within a region
to establish two trusted RPKI CA servers: one from the major RIRs and
another locally managed. The locally managed CA would take precedence,
allowing autonomous networks to submit their IP resources to the RPKI
server of their peers (and potentially backed by a national mandate to
trust this CA). This setup could prevent a scenario where an entire
country’s IP resources are revoked, leading to all IPs being marked as
invalid.

Another concept is to use blockchain technology. While cryptocurrencies
use computational power to verify ownership, BGP could use peer count. If
an IP resource is marked as valid by a majority of high-influence networks
(with many peers), it could be trusted by the entire internet.

Could this approach work? Perhaps there’s existing research on similar
methods?
*Brandon Z.*
HUIZE LTD
www.huize.asia <https://huize.asia/> | www.ixp.su | Twitter

This e-mail and any attachments or any reproduction of this e-mail in
whatever manner are confidential and for the use of the addressee(s) only.
HUIZE LTD can’t take any liability and guarantee of the text of the email
message and virus.
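
The NotFound outcome described in the reply above follows from the RFC 6811 origin-validation rules. The sketch below is an added example, not code from either poster; the prefixes and AS numbers are documentation values constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class VRP(NamedTuple):
    """Validated ROA Payload: what a relying party hands to the router."""
    prefix: str
    max_length: int
    asn: int

def validate(route: str, origin_asn: int, vrps: list) -> str:
    """RFC 6811 origin validation: 'Valid', 'Invalid' or 'NotFound'."""
    net = ipaddress.ip_network(route)
    covered = False
    for vrp in vrps:
        vrp_net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route when the route is the same prefix or a more specific of it.
        if vrp_net.version != net.version or not net.subnet_of(vrp_net):
            continue
        covered = True
        # AS0 never matches; otherwise the origin and the maxLength must both fit.
        if vrp.asn != 0 and vrp.asn == origin_asn and net.prefixlen <= vrp.max_length:
            return "Valid"
    # Covered but never matched is Invalid; no covering VRP at all is NotFound.
    return "Invalid" if covered else "NotFound"

def validate_all(routes, vrps):
    return [validate(prefix, asn, vrps) for prefix, asn in routes]

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
VRPS = [VRP("192.0.2.0/24", 24, 64496), VRP("198.51.100.0/24", 24, 64497)]
ROUTES = [
    ("192.0.2.0/24", 64496),     # matching ROA
    ("192.0.2.128/25", 64496),   # more specific than maxLength allows
    ("198.51.100.0/24", 64496),  # covered, wrong origin AS
    ("203.0.113.0/24", 64498),   # never had a ROA
]

if __name__ == "__main__":
    print("ROAs published:", validate_all(ROUTES, VRPS))
    # Every ROA withdrawn or expired: the VRP set is empty.
    print("ROAs removed:  ", validate_all(ROUTES, []))
```

With the VRP set emptied, the routes that were Valid or Invalid become NotFound, the same state as the prefix that never had a ROA.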

