[address-policy-wg] Legal counsel on 2008-08 (Initial Certification Policy in the RIPE NCC Service Region)

I've lately been more and more convinced that the basic idea,
technical, is good.
But it miss on two quite important points so I can not support it in
its current form
as stated earlier.

However, more comments inline:

On Wed, Jun 1, 2011 at 11:49 PM, David Conrad <drc at virtualized.org> wrote:
> Sascha,
> On Jun 1, 2011, at 11:11 AM, Sascha Luck wrote:
<snip>
>> Yet, also daily, I read about an attempt by $someone to censor, cut off or
>> otherwise regulate somebody else's internet access.
>
> Not sure about daily, but yes, this is a problem.  I have absolutely no doubt
> that if a tool exists that allows politicians to claim they're doing something
> to solve "a problem", they'll use it.


I am quite sure this is one of the bigger issue with this policy.
How can it be made clear for everyone that this is not a tool for that
area?  It should not be any opening for it being used for that really.

(... and it's not that long ago an entire /16 or something I think,
was used solely by a company to host every form of malware, abuse
source, control centers for trojans etc... this tool would be
excellent for removing That from Internet as it really was hurting
almost everyone. But not sure it would be the Right tool for it.....)



>> You have to excuse me for not quite believing that this attempt to impose
>> a centralised structure upon internet routing has anything to do with
>> preventing someone from fat-fingering a prefix
>> advertisement...
>
> It really does have something to do with preventing fat-fingering (or perhaps
> more accurately, reduces the impact of that fat-fingering).  The main
> arguments I've heard (some cynical, some not) for RPKI have been:
>
> - allow for SIDR deployment
> - allow for the RIRs to enforce their policies
> - allow for the RIRs to have a viable business model after IPv4 is
> exhausted
> - allow the existing address hierarchy model to be enforced (disallow
>  'alternative address registries')

Excellent, this is probably the "other" side of the problem with this
policy, the more technical side that we should spend most of our time
solving:)

I do not believe it is a good idea at all to start building one
central that can control who can, who can not be seen on Internet.

What happen when the people running this registry/central database are
being fat-fingered? It did happen not that long ago with .se, they
went offline even with lost of procedures and routines in place to
make sure it never happen. It's not possible to guard against human
mistakes really, atleast very very difficult.

I rather see someone at an ISP make a mistake once in a while, even
often than even make it possible for someone central make a
fat-fingered mistake.
The difference and the effect on _everyone_ are order of magnitude different.



I think both issues I see, the government one, and the technical one,
can be solved but this policy do not address these two issues good
enough.

Both Martin Miller and Sascha Luck have in their last emails listed
more reasons why this policy is not good enough on the technical side,
that is, central control on what can and can not be used on Internet.
Especial Martin's mail on the hierarchical control...


-- 

Roger Jorgensen           |
rogerj at gmail.com          | - IPv6 is The Key!
http://www.jorgensen.no   | roger at jorgensen.no