Dear Athina, On 27.10.20 18:06, Athina Fragkouli wrote:
ROAs are created and maintained by resource holders for the Internet number resources they hold. Any changes to ROAs are automatically updated and reflected in the repository. The RIPE NCC has no involvement here and does not need to "inject" ROAs on purpose [1]. We have never received a request to "inject" or modify ROAs. You can see how we would respond to such a request in "Handling Requests for Information, Orders and Investigations from Law Enforcement Agencies" here: https://www.ripe.net/publications/docs/ripe-675 <https://www.ripe.net/publications/docs/ripe-675>
It does not mean that these type of requests will not be received in future. Yes, the majority of legal authorities do not know anything about RPKI. Yet. When they learn something about, they for sure will try to use it, even not fully understanding it. This can result in global Internet disruption (if RPKI will be fully implemented whenever).
According to this process, we will only comply with a request if we receive a Dutch court order served by a Dutch law enforcement agency, or a binding order from law enforcement or regulatory authorities that are operating as required under Dutch criminal or administrative law. Each order will be evaluated on its own merits. If an order is considered illegal or of a non-obligatory nature, the RIPE NCC will not comply with it and will challenge it either before the authority giving the order or before a civil or criminal court, depending on the specific circumstances.
If an order is considered illegal or of a non-obligatory nature - BY WHICH PERSON? By RIPE NCC staff? Let me remind, we are talking about court or other government authority order. I prefer to build the whole world critical infrastructure that can't be get down by such way. Distributed blockchain for example is a good example for publish keys and signatures... But does somebody care?