Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NANOG: users
Re: rpki vs. secure dns? 		 

Index | Next | Previous | View Flat


alexb at ripe

Apr 29, 2012, 1:38 PM


Views: 934
Permalink
Re: rpki vs. secure dns? [In reply to]
On 29 Apr 2012, at 22:03, David Conrad wrote:

> Alex,
>
> On Apr 29, 2012, at 8:16 AM, Alex Band wrote:
>> All in all, for an RPKI-specific court order to be effective in taking a network offline, the RIR would have to tamper with the registry, inject false data and try to make sure it's not detected so nobody applies a local override.
>
> I suspect the court order would simply say something like 'RIPE-NCC must, upon pain of contempt of court, take sufficient steps to invalidate the allocations made to customer X' and leave it up to you all to figure out how to do it. I doubt they'd care all that much about implementation details. Are you saying it is not possible for RIPE-NCC staff to do this? I also doubt the court would care too much about 'local override' as the "Tyranny of Defaults" would be sufficient for their needs (and they could probably sanction the folks in the Netherlands who they discovered did the override).
>
> As Randy points out, this is not unique to SIDR-defined RPKI. It is applicable to any top-down hierarchical authorization mechanism. Security has (non-monetary) costs.

Thanks David, I know that a court order doesn't have to specific. I just want to make people aware that in the case of RPKI, things are not as clear cut as "Revoked ROA = Offline network". It depends on many factors and I just want to offer a little perspective of what's involved.

-Alex

(P.S. I'm going on holiday for a week without internet access, so I won't be able to follow up on this thread for a while)
Attachments: smime.p7s (2.30 KB)

Subject User Time
rpki vs. secure dns? vixie at isc Apr 27, 2012, 3:05 PM
    Re: rpki vs. secure dns? cb.list6 at gmail Apr 27, 2012, 3:16 PM
    Re: rpki vs. secure dns? ryanczak at gmail Apr 27, 2012, 3:16 PM
        Re: rpki vs. secure dns? randy at psg Apr 28, 2012, 7:02 AM
    Re: rpki vs. secure dns? waehlisch at ieee Apr 28, 2012, 1:55 AM
    Re: rpki vs. secure dns? fw at deneb Apr 28, 2012, 2:56 AM
        Re: rpki vs. secure dns? randy at psg Apr 28, 2012, 3:04 AM
        Re: rpki vs. secure dns? alexb at ripe Apr 28, 2012, 3:34 AM
            Re: rpki vs. secure dns? fw at deneb Apr 28, 2012, 4:35 AM
                Re: rpki vs. secure dns? alexb at ripe Apr 28, 2012, 6:04 AM
                    Re: rpki vs. secure dns? fw at deneb Apr 28, 2012, 8:16 AM
                    Re: rpki vs. secure dns? nick at foobar Apr 28, 2012, 10:22 AM
                        Re: rpki vs. secure dns? regnauld at nsrc Apr 28, 2012, 10:27 AM
                            Re: rpki vs. secure dns? nick at foobar Apr 28, 2012, 10:45 AM
                                Re: rpki vs. secure dns? alexb at ripe Apr 28, 2012, 11:14 AM
                                    Re: rpki vs. secure dns? rubensk at gmail Apr 28, 2012, 12:21 PM
                    Re: rpki vs. secure dns? nick at foobar Apr 29, 2012, 1:50 PM
                        Re: rpki vs. secure dns? alexb at ripe Apr 30, 2012, 12:18 AM
                        Re: rpki vs. secure dns? millnert at gmail May 1, 2012, 12:19 PM
            Re: rpki vs. secure dns? danny at tcb Apr 30, 2012, 7:53 AM
                Re: rpki vs. secure dns? dburk at burkov Apr 30, 2012, 8:16 AM
                    Re: rpki vs. secure dns? randy at psg Apr 30, 2012, 8:46 AM
                        Re: rpki vs. secure dns? jared at puck Apr 30, 2012, 8:51 AM
                        Re: rpki vs. secure dns? dburk at burkov Apr 30, 2012, 8:55 AM
                        Re: rpki vs. secure dns? russw at riw May 1, 2012, 4:19 AM
                        Re: rpki vs. secure dns? jtk at cymru May 1, 2012, 8:31 AM
                            Re: rpki vs. secure dns? rdobbins at arbor May 1, 2012, 8:51 AM
    Re: rpki vs. secure dns? saku at ytti Apr 28, 2012, 3:17 AM
        Re: rpki vs. secure dns? rdobbins at arbor May 1, 2012, 4:36 AM
            Re: rpki vs. secure dns? russw at riw May 1, 2012, 10:46 AM
                Re: rpki vs. secure dns? rdobbins at arbor May 1, 2012, 6:51 PM
            Re: rpki vs. secure dns? vixie at isc May 28, 2012, 1:59 PM
                Re: rpki vs. secure dns? drc at virtualized May 28, 2012, 2:42 PM
                Re: rpki vs. secure dns? bortzmeyer at nic May 29, 2012, 3:30 AM
    Re: rpki vs. secure dns? bortzmeyer at nic Apr 28, 2012, 4:59 AM
    Re: rpki vs. secure dns? bortzmeyer at nic Apr 28, 2012, 5:57 AM
        Re: rpki vs. secure dns? alexb at ripe Apr 28, 2012, 6:19 AM
    Re: rpki vs. secure dns? bortzmeyer at nic Apr 28, 2012, 6:18 AM
    Re: rpki vs. secure dns? randy at psg Apr 28, 2012, 6:58 AM
        Re: rpki vs. secure dns? russw at riw Apr 30, 2012, 6:41 AM
            Re: rpki vs. secure dns? bortzmeyer at nic Apr 30, 2012, 6:53 AM
                Re: rpki vs. secure dns? randy at psg Apr 30, 2012, 7:05 AM
                Re: rpki vs. secure dns? russw at riw Apr 30, 2012, 7:05 AM
    Re: rpki vs. secure dns? regnauld at nsrc Apr 28, 2012, 12:28 PM
        Re: rpki vs. secure dns? alexb at ripe Apr 29, 2012, 8:16 AM
            Re: rpki vs. secure dns? jrex at CS Apr 29, 2012, 8:28 AM
            Re: rpki vs. secure dns? drc at virtualized Apr 29, 2012, 1:03 PM
            Re: rpki vs. secure dns? nick at foobar Apr 29, 2012, 1:08 PM
            Re: rpki vs. secure dns? fw at deneb Apr 30, 2012, 2:04 PM
    Re: rpki vs. secure dns? brandon at rd Apr 29, 2012, 9:21 AM
    Re: rpki vs. secure dns? bortzmeyer at nic Apr 29, 2012, 9:37 AM
        Re: rpki vs. secure dns? waehlisch at ieee Apr 29, 2012, 12:40 PM
    Re: rpki vs. secure dns? alexb at ripe Apr 29, 2012, 1:38 PM
    Re: rpki vs. secure dns? randy at psg Apr 29, 2012, 2:39 PM
    Re: rpki vs. secure dns? brandon at rd Apr 30, 2012, 7:33 AM
        Re: rpki vs. secure dns? regnauld at nsrc Apr 30, 2012, 7:43 AM
    Re: rpki vs. secure dns? morrowc.lists at gmail Apr 30, 2012, 7:54 PM
    Re: rpki vs. secure dns? rdobbins at arbor May 1, 2012, 4:34 AM
        Re: rpki vs. secure dns? drc at virtualized May 1, 2012, 6:18 AM
    Re: rpki vs. secure dns? rdobbins at arbor May 1, 2012, 8:49 AM
        Re: rpki vs. secure dns? drc at virtualized May 1, 2012, 9:10 AM
    Re: rpki vs. secure dns? vixie at isc May 28, 2012, 3:01 PM
        Re: rpki vs. secure dns? bortzmeyer at nic May 29, 2012, 3:27 AM
            Re: rpki vs. secure dns? vixie at isc May 29, 2012, 4:02 AM
                Re: rpki vs. secure dns? drc at virtualized May 29, 2012, 7:21 AM
    Re: rpki vs. secure dns? alexb at ripe May 29, 2012, 8:23 AM
        Re: rpki vs. secure dns? richard.barnes at gmail May 29, 2012, 9:33 AM
        Re: rpki vs. secure dns? drc at virtualized May 29, 2012, 10:43 AM
        Re: rpki vs. secure dns? shane at castlepoint May 29, 2012, 8:52 PM
    Re: rpki vs. secure dns? alexb at ripe May 29, 2012, 10:05 AM
        Re: rpki vs. secure dns? richard.barnes at gmail May 29, 2012, 10:37 AM
    Re: rpki vs. secure dns? vixie at isc May 29, 2012, 7:44 PM
        Re: rpki vs. secure dns? randy at psg May 29, 2012, 7:55 PM
            Re: rpki vs. secure dns? randy at psg May 29, 2012, 8:00 PM
        Re: rpki vs. secure dns? shane at castlepoint May 29, 2012, 9:24 PM
    Re: rpki vs. secure dns? vixie at isc May 29, 2012, 10:06 PM
        Re: rpki vs. secure dns? randy at psg May 30, 2012, 2:43 AM
        Re: rpki vs. secure dns? sra+nanog at hactrn Jun 1, 2012, 12:18 PM
    Re: rpki vs. secure dns? weiler+lists.nanog at watson Jun 5, 2012, 12:39 PM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.