Hi Jay,
Speaking only for myself.
On 22/08/2011, at 11:29 AM, Jay Daley wrote:
I don't want to get hung up on the radical policies I proposed, they were there to illustrate the point that different approaches within a policy framework are possible. You had some interesting questions in there that I'll quickly answer by saying the RPKI should not be voluntary and RIRs (or companion organisations to maintain a registry/regulator split) should become addressing police officers using the RPKI sanction to keep people in line.
I've been following this thread quietly and since you've mentioned RPKI I thought I would chime in with a personal perspective as it's a topic I find interesting.
RPKI is the base requirement for a routing security framework. It is simply stating that the holder of the private key is the holder of the address space, with the underlying layer being that the address space is unique and can be verified as such. This allows one to build a layer of routing security with that basic cryptographical slice of information. The resulting security framework (evolving as BGPSEC) is optional - it has to be. Some people will implement and engage faster than others. However, BGPSEC is optional and the prose in the existing IETF drafts says not having it is ok, it's just insecure. Additionally the real power for RPKI is in the hands of the relying party (those who do the validation and apply it to routing). The relying parties may/will apply their own local policies, which could be orthogonal to what is seen in the RPKI. This implies that the RPKI is quite toothless as a sanction. Consider it as an instrument closer in function to the title deed for your house.
The other aspect of your suggestion is that attempting to turn the RPKI into the truncheon for the "addressing police", with the RPKI being linked to the routing system as it is, effectively turns the RIRs into the routing police for those that choose to use RPKI/BGPSEC. This is something I personally would be loath to see. Firstly because this is not the RIR mandate and secondly, in a litigious society the pool of money the RIRs would need to fend off offended businesses would drain Apple's stockpile. I dare say that the vast number of operators out there would also rather not see an RIR given such reaching controls.
The only thing RPKI currently suggests which supports the centralised control arguments is that it is built on X.509 certificates that require a strong hierarchical model for the certificate issuance. Although the observation is that certificate issuance itself can still be hierarchical in almost any distribution mechanism (direct, registry/registrar, broker, wholesaler, etc) provided provenance can be maintained.
To be honest, I see the only sane approach is to make RPKI an optional service (for those who wish to use it warts and all) unencumbered with conditions and implications apart from being able to prove your right to use addresses.
Cheers
Terry
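
An added illustration, not part of the message above: a small Python sketch of the relying-party point, where the RPKI only yields a validation state and each operator's local policy decides what happens to the route. The classification follows the origin validation outcomes of RFC 6811; the ROA data, policy tables and function names are constructed for this example.

```python
import ipaddress

# Constructed sample ROAs: (prefix, max length, authorised origin AS).
# 192.0.2.0/24 and AS64500/AS64501 are documentation values.
ROAS = [("192.0.2.0/24", 24, 64500)]

def origin_state(prefix, origin_as, roas):
    """Classify a route as valid / invalid / notfound against a ROA set."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers this route
        if route.prefixlen <= max_len and origin_as == roa_as:
            return "valid"
    return "invalid" if covered else "notfound"

# Two hypothetical relying-party policies; each operator picks its own mapping.
STRICT = {"valid": "accept", "notfound": "accept", "invalid": "reject"}
LENIENT = {"valid": "accept", "notfound": "accept", "invalid": "depref"}

def decide(prefix, origin_as, roas, policy, local_overrides=()):
    """Apply the relying party's local policy to the RPKI result."""
    if (prefix, origin_as) in local_overrides:
        return "accept"  # a local exception wins over whatever the RPKI says
    return policy[origin_state(prefix, origin_as, roas)]

if __name__ == "__main__":
    # Same route, same RPKI data, different outcomes per relying party.
    print(decide("192.0.2.0/24", 64501, ROAS, STRICT))   # reject
    print(decide("192.0.2.0/24", 64501, ROAS, LENIENT))  # depref
    # With the ROA withdrawn the route is merely "notfound" and still accepted.
    print(decide("192.0.2.0/24", 64500, [], STRICT))     # accept
```
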