[address-policy-wg] 2008-08 (Initial Certification Policy in the RIPE NCC Service Region) going to Last Call

Hi John,

On Thu, May 5, 2011 at 5:50 AM, John Curran <jcurran at arin.net> wrote:
> On May 4, 2011, at 8:48 PM, Martin Millnert wrote:
>
>> ...
>> Network C and D are transit customers of tier-1 network E.
>> ...
>> Network D announces prefix 1 to E.
>>
>> Transit provider E, being a very large company, has after some
>> government pressure decided to enable strict RPKI filtering
>> ...
>> Only a single network, E, implemented strict filtering of RPKI, yet A,
>> not being a customer of E, lost access to 1, and all involved hardware
>> is still functional.
>
> Prefix 1 is for customer D (of network E); ergo, A lost access to D
> because D's choice of service provider.  D voluntarily choose its
> service provider, and can always choose another.

Can it always choose one which is not using this new "route assurance
technology"?
> There is no party
> that was impacted without a choice; D choose A because of their much
> discussed "route assurance" technology, and that turned out (in your
> example) to be a bad choice.  Another example might have it be a wise
> choice, but there's still no one impacted who didn't get  any choice.
>
> How is this different than network D deciding to build a network with
> with an innovative routing technology, which may serve to distinguish
> it in a positive (or negative) manner based on actual performance?

Are you suggesting that the more ways we have to break the internet, the better?
You would probably argue that RPKI can improve performance by removing
intentional and un-intentional route hijacking.

But to this I must ask: Can we quantify how often this happen?  It
would be a very useful data point going forward.

We could also quantify how many jurisdictions have some form of
internet filtering legislation in place today. And take a look at
what's in the legal pipeline.
A well known block list (the existence of it, not its content) was
tested at one point: 98% false-positives. (the remaining 2% was
permanently fixed via simple email, and a ~3h response time...)
Using this metric as the track record for gov internet filtering, and
extending it to our discussion, mistakes will frequently happen, and
the entire endeavor is flawed to its very bones.

But this is not the debate of the specifics of the legal processes in
various jurisdictions, I'm merely showing (and #include Malcom's
posts) a real big risk of having a larger stream of failures coming
from the abuse of a highly proliferated RPKI than the failures it was
designed to fix.
As Sascha put it earlier in the discussion:
"the cure is infinitely worse than the disease"

Key in my example is otherwise what was not written out:  If you scale
the example up, and use of RPKI with strict filtering has
proliferated, X has a good vector to negatively and widely affect
internet routing via Z, which is a completely new thing on the
Internet from today.

> Back to my original question:  "I understand how it would impact the
> network which has decided to make use of strict RPKI-based route
> validation (and therefore the network's customers by extension), but
> can you explain how it would otherwise effect that network's peers?"

I thought I did explain this in my example:  B lost access to D, B *is
a peer* of E, who uses strict RPKI-based route validation. This is a
technicality in the bigger scheme as described above and by Malcom,
however.

Kind Regards,
Martin