nanog mailing list archives

Re: Implementing Decentralized RPKI with Blockchain Technology


From: Tom Beecher <beecher () beecher cc>
Date: Thu, 14 Nov 2024 17:44:08 -0500

William-

Yes, you're correct on that point.

Fundamentally though, if an RIR actually did that, it's effectively the end
of RPKI, and seismic damage to the internet at large. The entire foundation
of this system is that everything must trust that the RIRs are the source
of truth over what IPs are allocated and to whom. RPKI just provides a way
to cryptographically verify it. If an RIR was forced to pull an allocation
by an external party for "non-normal" reasons, then trust in that RIR is
irrevocably broken, and we have much larger issues to deal with.

On Thu, Nov 14, 2024 at 5:28 PM Brandon Z. <Brandon () huize asia> wrote:

Yeah, that's what I meant. They can remove the certificate for the
resource holder and sign a new certificate for these resources and set ROA
for AS0 only. Technically speaking.

*Brandon Z.*
HUIZE LTD
www.huize.asia <https://huize.asia/> | www.ixp.su


On Fri, Nov 15, 2024 at 01:21 William Herrin <bill () herrin us> wrote:

On Thu, Nov 14, 2024 at 9:03 AM Tom Beecher <beecher () beecher cc> wrote:
As explained earlier, RIRs cannot "create" INVALIDs.

Hi Tom,

Wouldn't they just withdraw the delegation and issue an AS0 ROA
covering the address block? Does that not cause the associated route
advertisements to become RPKI invalid?

Regards,
Bill Herrin


--
William Herrin
bill () herrin us
https://bill.herrin.us/
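
The following is an added example, not part of the thread or written by any of its participants. It sketches RFC 6811 route origin validation to show the outcome discussed above: withdrawing a ROA leaves the route "not-found", while an AS0 ROA covering the block makes it "invalid". The prefix 192.0.2.0/24 and AS 64500 are documentation values, and the VRP sets are constructed for illustration.

```python
import ipaddress

def validate(prefix, origin_asn, vrps):
    """RFC 6811 origin validation for one route.

    vrps is an iterable of (roa_prefix, max_length, asn) tuples.
    Returns 'valid', 'invalid' or 'not-found'.
    """
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in vrps:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A VRP covers the route when its prefix contains the route prefix,
        # regardless of max_length.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # An AS0 VRP can never match: AS 0 is not a usable origin (RFC 6483).
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "valid"
    # Covered by at least one VRP but matched by none: invalid.
    return "invalid" if covered else "not-found"

def scenarios():
    """Constructed VRP sets for the cases raised in the thread."""
    holder = ("192.0.2.0/24", 24, 64500)   # resource holder's own ROA
    as0 = ("192.0.2.0/24", 24, 0)          # AS0 ROA covering the same block
    route = ("192.0.2.0/24", 64500)
    return {
        "holder ROA present": validate(*route, [holder]),
        "ROA withdrawn, nothing issued": validate(*route, []),
        "ROA withdrawn, AS0 ROA issued": validate(*route, [as0]),
        "more-specific under AS0 ROA": validate("192.0.2.0/25", 64500, [as0]),
        "AS0 ROA and holder ROA coexist": validate(*route, [as0, holder]),
    }

if __name__ == "__main__":
    for name, state in scenarios().items():
        print(f"{name:34s} -> {state}")
```

The last case shows that an AS0 ROA only produces an invalid once no matching ROA for the announcing AS remains.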


