The answer is simple. It will be centralized system and so:
- you will need to trust its system engineers
- any breaking of this system can cause Internet crash if many AS`es will use it

So it is very bad idea on my opinion.

That’s a very good point and probably the most problematic one

also with existing lists such as Spamhaus EDROP.

I'm thinking of a decentralized system run by a nonprofit/NGO or maybe

even some sort of blockchain or DLT-based approach where multiple, independent

parties are required to sign something - or in this case add entries to the list,

in order to avoid misuse, censorship and a single point of failure.

The contributing organizations could be RIRs, IXPs, Tier-1 ISPs and NGOs

in different continents, countries and legislations, where atleast for example

one-third of them need to flag an ASN before it gets added to the list.

What we need that all follow the rules: https://www.routingmanifesto.org/

Thanks for the link

On 01.08.2018 12:59, Dominic Schallert wrote:
Dear colleagues,

I’m sure some of you have read about this recent incident; https://bgpstream.com/event/144058 . Nowadays we’re talking about transport security, https-per-default, etc. but the most fundamental parts of the internet such as BGP, are basically broken from a security perspective. While RPKI/ROA/ROV could fix most of the current security-related struggles, their deployment currently competes somewhat with IPv6 - or even worse - and therefore won’t be a practical solution in the forseeable future. Strict IRRDB and route object filtering is complicated (or almost impossible) as well.

So I’m wondering, why can't we just have an automated blacklist like RBL's for mailservers, where all AS'es detected for hijacking prefixes are automatically blacklisted, similiar to Team Cymru's fullbogons feed? The list combined with some scripting could then be used for realtime AS-path filtering at border routers. Delisting of blacklisted ASNs should happen only after a pre-defined amount of time (eg. 14 days) or after paying a fee to a charity/non-profit and providing a statement on the issue which is publicy released. The idea is to hurt those who can’t get their stuff - especially prefix filtering - together.

I still remember the days where everyone complained about RBLs, nowadays almost every mailserver setup relies on them. Sometimes extreme problems require extrem solutions.

Mit besten Grüßen
Kind Regards
Dominic Schallert, BA

<Mail-Anhang.png>

schallert.com e.U. | Hauptstraße 35b, 6800 Feldkirch, Austria

FN: 440372g | UID: ATU66209211 | Gerichtsstand: Feldkirch

Tel.: +43 680 146 1947 | Fax: +43 134 242 642 616

www.schallert.com | office@schallert.com
_______________________________________________
members-discuss mailing list
members-discuss@ripe.net
https://lists.ripe.net/mailman/listinfo/members-discuss
Unsubscribe: https://lists.ripe.net/mailman/options/members-discuss/noc%40mega-net.ru