nanog mailing list archives

Re: Implementing Decentralized RPKI with Blockchain Technology


From: David Conrad via NANOG <nanog () nanog org>
Date: Thu, 14 Nov 2024 10:22:50 +0000

Tom,

Something I’ve been curious about for some time: since deployment of RPKI is (mostly) hosted by the RIRs and 
ultimately, the RIRs control the validation chain, what would happen if the RIR creates (or, if you prefer, is directed 
by court order to create) INVALIDs?

Regards,
-drc

On Nov 13, 2024, at 11:59 PM, Tom Beecher <beecher () beecher cc> wrote:

In technical terms, RIRs can indeed configure IPs to become RPKI invalid.

Incorrect. 

If the RIR revokes the resource certificate used to sign the ROA, the ROA is also then revoked. Validator software 
will then remove the VRPs that had been created from that previously valid ROA. If there are no other VRPs that cover 
the BGP message parameters, the validator will return NOTFOUND. 

If the RIR refused to publish or deleted the ROA, validators will eventually delete them, which also removes the VRP 
previously created. If there are no other VRPs that cover the BGP message parameters, the validator will return 
NOTFOUND. 
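The outcomes described in the quoted reply, as an added example that is not part of the original thread: a minimal route origin validation routine following RFC 6811, run against a VRP set before and after a ROA disappears. The prefixes, ASNs and the less-specific "covering" ROA are constructed sample data; the last case shows why the reply's condition "if there are no other VRPs that cover" matters.

```python
import ipaddress
from typing import NamedTuple


class VRP(NamedTuple):
    """Validated ROA Payload: what a validator derives from one valid ROA entry."""
    prefix: str
    max_length: int
    asn: int


def origin_validation(route_prefix, origin_asn, vrps):
    """Classify a BGP route per RFC 6811: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for vrp in vrps:
        net = ipaddress.ip_network(vrp.prefix)
        # A VRP covers the route if the route is equal to or more specific than it.
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        if vrp.asn == origin_asn and route.prefixlen <= vrp.max_length:
            return "valid"
    # Covered but no matching VRP is INVALID; no covering VRP at all is NOTFOUND.
    return "invalid" if covered else "notfound"


# Constructed sample data: documentation prefixes and documentation ASNs.
CUSTOMER_VRP = VRP("2001:db8:1::/48", 48, 64496)
COVERING_VRP = VRP("2001:db8::/32", 32, 64497)  # hypothetical less-specific ROA
ROUTE = ("2001:db8:1::/48", 64496)


def scenarios():
    """Validation state of ROUTE as the set of VRPs changes."""
    return {
        "roa_present": origin_validation(*ROUTE, [CUSTOMER_VRP]),
        "roa_revoked_no_cover": origin_validation(*ROUTE, []),
        "roa_revoked_still_covered": origin_validation(*ROUTE, [COVERING_VRP]),
        "both_present": origin_validation(*ROUTE, [COVERING_VRP, CUSTOMER_VRP]),
    }


if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name}: {state}")
```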
