This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/address-policy-wg@ripe.net/
[address-policy-wg] the implications of RPKI certificate revokation
- Previous message (by thread): [address-policy-wg] the implications of RPKI certificate revokation
- Next message (by thread): [address-policy-wg] the implications of RPKI certificate revokation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Garry Glendown
garry at nethinks.com
Thu May 5 09:57:00 CEST 2011
On 05.05.2011 09:45, Jim Reid wrote: > On 4 May 2011, at 17:24, Brian Nisbet wrote: > >> You seem to be imagining a scenario where a national governement >> would just ring up the NCC and say, "revoke these certs." I have seen >> no evidence to suggest this risk is anything close to real. > > I suppose this depends on the definition of "real" and "evidence" Brian. > > If the NCC gets told to revoke a cert -- eg via a Dutch court order or > equivalent -- it will have to do that. It would be sensible to assume > that well-funded and/or litigious organisations might well be minded > to pursue that avenue if they think getting a cert revoked will either > disrupt or shut down some activities they dislike. Or bury their > opponents in legal costs before it gets to the point where a court > order gets issued. Certificates for routing will provide another > vector for these sorts of layer-9 and up attacks. IMO it's foolish to > assume or pretend otherwise. The question is whether there is some other way of ensuring routing consistency ... But given the current track record of many countries' legislative and legal developments, e.g. "hostage-taking" of domains in the US, internet filters in many European countries, etc., I must concur that the threat to the Internet once RPKI is introduced will be very real ... so, what alternatives can we come up with from a technical standpoint that is not prone to government or legal pressure? -garry
- Previous message (by thread): [address-policy-wg] the implications of RPKI certificate revokation
- Next message (by thread): [address-policy-wg] the implications of RPKI certificate revokation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]