I've lately been more and more convinced that the basic idea, technical, is good. But it misses on two quite important points, so I cannot support it in its current form, as stated earlier. However, more comments inline:

On Wed, Jun 1, 2011 at 11:49 PM, David Conrad <drc@virtualized.org> wrote:
> Sascha,
>
> On Jun 1, 2011, at 11:11 AM, Sascha Luck wrote:
> <snip>
>> Yet, also daily, I read about an attempt by $someone to censor, cut off or otherwise regulate somebody else's internet access.
>
> Not sure about daily, but yes, this is a problem. I have absolutely no doubt that if a tool exists that allows politicians to claim they're doing something to solve "a problem", they'll use it.

I am quite sure this is one of the bigger issues with this policy. How can it be made clear for everyone that this is not a tool for that area? There should not be any opening for it being used for that, really. (... and it's not that long ago an entire /16 or something, I think, was used solely by a company to host every form of malware, abuse source, control centers for trojans etc... this tool would be excellent for removing That from the Internet, as it really was hurting almost everyone. But not sure it would be the Right tool for it.....)

>> You have to excuse me for not quite believing that this attempt to impose a centralised structure upon internet routing has anything to do with preventing someone from fat-fingering a prefix advertisement...
>
> It really does have something to do with preventing fat-fingering (or perhaps more accurately, reduces the impact of that fat-fingering). The main arguments I've heard (some cynical, some not) for RPKI have been:
>
> - allow for SIDR deployment
> - allow for the RIRs to enforce their policies
> - allow for the RIRs to have a viable business model after IPv4 is exhausted
> - allow the existing address hierarchy model to be enforced (disallow 'alternative address registries')

Excellent, this is probably the "other" side of the problem with this policy, the more technical side that we should spend most of our time solving :)

I do not believe it is a good idea at all to start building one central that can control who can, who cannot be seen on the Internet. What happens when the people running this registry/central database are being fat-fingered? It did happen not that long ago with .se; they went offline even with lots of procedures and routines in place to make sure it never happens. It's not possible to guard against human mistakes really, at least very, very difficult. I'd rather see someone at an ISP make a mistake once in a while, even often, than even make it possible for someone central to make a fat-fingered mistake. The difference and the effect on _everyone_ are orders of magnitude different.

I think both issues I see, the government one and the technical one, can be solved, but this policy does not address these two issues well enough. Both Martin Miller and Sascha Luck have in their last emails listed more reasons why this policy is not good enough on the technical side, that is, central control on what can and cannot be used on the Internet. Especially Martin's mail on the hierarchical control...

--
Roger Jorgensen | rogerj@gmail.com | - IPv6 is The Key!
http://www.jorgensen.no | roger@jorgensen.no