Hi Sasha,
I'm afraid that every objection made to 2008-08 (which proposal failed to achieve consensus) applies exactly the same to this proposal. Rather than re-iterating every argument here again, I refer to the original thread re. 2008-08:
http://www.ripe.net/ripe/mail/archives/address-policy-wg/2011-May/005737.htm...
For this reason alone, I oppose this proposal.
Then let me counter by answering to the message you refer to:
I believe that before this policy is adopted the community should consider in depth:
i) whether these concerns are at least potentially valid (I am convinced they are);
The concerns are based on: a) the majority of network operators using rPKI and dropping unsigned or invalid routes b) legislators giving power to law enforcement so that they can force a Dutch entity (the RIPE NCC) to withdraw resources from its members c) legislators forcing network operators all over the world to keep doing (a) even in the event of abuse by law enforcement The usage of rPKI in (a) depends a lot on the policy that the network operators use. Everything is possible there. The examples at http://www.ripe.net/lir-services/resource-management/certification/router-co... show how to adjust local-pref based on rPKI while still accepting all routes. This is the network operator's choice! On (b) see http://www.ripe.net/ripe/docs/ripe-588: """ The RIPE NCC may be asked by LEAs to perform a specific action, for example a modification in the registration of specific Internet number resources. The RIPE NCC will not voluntarily comply with such requests. The RIPE NCC will only comply with such requests if a Dutch Court order is served by a Dutch LEA, as well as a binding order from law-enforcement or regulatory authorities that are operating as required under Dutch criminal and administrative law (such as the Public Prosecution Department, the Police, the Fiscal Intelligence and Investigation Service). Both law enforcement and other national authorities operating outside the Netherlands must follow the applicable mutual legal assistance treaties (MLAT) procedures. Each order will be evaluated on its own merits. If an order is considered illegal or of a non-obligatory nature, the RIPE NCC will not comply with it and will challenge it either before the authority giving the order or before a civil or criminal court, depending on the specific circumstances. """ If the Dutch legal system gets so bad that they require disproportional measures to be taken by the RIPE NCC then I think we have bigger issues and should move the RIPE NCC to a different country. And (c) would require laws to be changed all over the world to force network operators to use rPKI *and* to force them to use it in a certain way. If that happens then they can as easily make laws that result in the same operational effect without using rPKI. Network operators have to follow the rules/laws of the country/countries they operate in, with or without rPKI.
ii) If so, whether the problem that this policy addresses is sufficiently serious to warrant accepting these new risks [1]; and
Considering that rPKI prevents mistakes and highjacks of address space happen today, compared to a unlikely future situation where operators are forced to use rPKI in a certain way and where law enforcement becomes capable of controlling the RIPE NCC, yes I think we should accept this policy. Considering the increasing pain caused by lack of IPv4 addresses and the resulting growth of incentive for highjacking I expect we need the features that rPKI provides sooner rather than later.
iii) Even if the problem is serious enough, whether alternative means to address it could be found that would mitigate these risks [2]. (For example, if the problem could be 80% solved using a model that does not give RIRs a power to revoke and expire certificates "needed" for routing, is the residual 20% of the problem really serious enough to warrant creating the risks I describe).
Alternative means have been used for years, and still aren't good enough. Yes, securing routing is desperately needed.
iv) Even if the problem still justifies adopting the approach taken in this policy proposal, what other steps should be taken simultaineously to mitigate these risks.
I see no need at this point to take other steps, as I don't see (a), (b) and (c) happen simultaneously. If your concerns should approach reality (laws enabling remote control of the RIPE NCC, laws enforcing a very specific usage of rPKI, etc) then we should take steps. Until there is evidence that those concerns are more than fear, uncertainty and doubt we should not act on them. And for the WG chairs: I support this proposal Cheers, Sander