Hi,
i) whether these concerns are at least potentially valid (I am convinced they are); The concerns are based on: a) the majority of network operators using rPKI and dropping unsigned or invalid routes
If this is not the case, rpki serves no useful (security) purpose and its implementation is pointless.
Incorrect: rPKI can serve as a warning system, it can be used to adjust local-prefs and other local policy decisions. Not just for dropping or ignoring routes.
b) legislators giving power to law enforcement so that they can force a Dutch entity (the RIPE NCC) to withdraw resources from its members
Wrong. The NCC must (and will, see Axel's recent message) comply with a court order or injunction. Possibly any court order from an EU member state, these are enforceable across borders, TTBOMK. Neither legislation nor law enforcement need be involved, it could be anyone (BREIN, GEMA, a pissed-off individual with money and lawyers) and the right judge. This does not even consider an attack from a non-legal actor, such as a compromised CA.
Please read the legal statement from the NCC I linked to. You are contradicting it. If you have better legal advice than the RIPE NCC's own lawyers then please contact the NCC.
c) legislators forcing network operators all over the world to keep doing (a) even in the event of abuse by law enforcement
Nobody needs to *force* operators to do anything, they will probably not even notice a route missing from a few hundred thousand or, indeed, care that TPB is no longer reachable unless someone complains loudly.
Operators not caring about their routing tables is a problem out of scope for this policy. There are thousands of other factors besides rPKI, so this is not specific to this policy.
show how to adjust local-pref based on rPKI while still accepting all routes. This is the network operator's choice!
True, but the security gain is nil to low if routes with invalid/ non-existing ROAs aren't dropped.
Not true, see above
While some operators may use ROAs to adjust localpref, IMO the "lazy default" and most-widely used implementation will be "drop invalid/missing" and this is the case I base my argument on.
Ah, ok. But since your assumption is invalid (there is no default, and the quick-start examples which would probably be used for such a "lazy default" are completely different from what you assume) then your case isn't very interesting to discuss any further. Cheers, Sander