Hi, On Tue, May 10, 2011 at 9:20 AM, Rob Evans <rhe@nosc.ja.net> wrote:
Stop using them :) If it's not an LEA forcing you to do something then you always have this choice.
...and this is a point worth stressing. If things do "go bad," it isn't the end of the Internet, but we can bail on using the RPKI as it is implemented at the time. It's all about co-operation. :-)
What's the required escape velocity for the world to bail on RPKI if it is universally deployed? DNSSEC? A significant hurdle I believe, meaning not just a little but a substantial abuse must be on-going to reach that point. It's the inverse network effect. To me it seems you are both suggesting that we should start developing an alternative that we can bail to already, so that there is an actual meaningful exit strategy. What I'm wondering is, if the alternative is better than the original, why not go to it directly? Enabling a technology that enables an unfortunate legal lock-down, for example, is a grave error. At least in my book. Kind Regards, Martin