[governance] What is RPKI and why should you care about it?
Karl Auerbach
karl at cavebear.com
Sat Sep 11 20:27:52 EDT 2010

On 09/11/2010 06:14 AM, Milton L Mueller wrote:
> That’s the rationale behind our Workshop on “Routing and Resource
> Certification.” It’s about the resource public key infrastructure (RPKI)
> being proposed and implemented to secure the Internet's routing and
> addressing system.

You are right in saying that those are significant matters - matters
that could give, in the extreme case, the power to turn off certain
parts of the net (or rather, turn off information needed for packets
flowing *to* certain parts of the net to find their way.)

You say "the Internet's routing and addressing system" - I note the use
of the singular form. In practice there is not a single routing system
- there are fairly standard protocols (most particularly BGP) but those
are carrier-to-carrier rather than a unified mesh. And there is an
overlay of unilateral, bi-lateral, and multi-lateral agreements (human
agreements turned into router configuration settings) that overlay the
information that is moved by things like BGP. And, of course, we are
seeing a trend in which large content providers (like Google) have their
own private networks that they hook directly to large edge network
providers (such as Comcast) thus bypassing intermediate carriers.

Like fake-source email there is a problem with false or improper
announcements of routing information. (I'm dealing with that kind of
problem myself - someone to whom I lent some address space some years
ago is refusing to stop advertising his use of the space - that suggests
that the issue goes deeper than "false identity" and can reach to
whether the entity announcing routing information is empowered to do so.)

Regarding the other use of the singular form to "addressing" - with the
increasing use of network address translation (there is even demand for
it in IPv6) it is becoming increasingly hard to say which is the dog and
which is the tail - is the "public" IP address space becoming merely a
means to connect "private" address spaces?

I ask that latter question with an intent to suggest that we might see a
future internet that is more "lumpy" than we see today. The end-to-end
principle may fade and be replaced by an internet in which rather than
packets flowing unvexed end-to-end we see certain applications being
bridged across boundaries that vanilla IP packets can not leap. In
other words the internet may evolve from being a seamless IP packet
transport and become something more like the mobile telephone networks -
certain basic features will work across providers but only because the
providers build explicit (although often hidden from user view) bridges
among themselves.

I have been slowly writing a note on how our perception of the internet
is changing. We who have been on the net for a long time tend to view
it as a means of moving IP packets from one IP address to another. Yet
most people who have come to the net since, say 1995, tend to view the
net not as a means of packet exchange but, rather, as a platform for
certain applications.

That shift of perception, from packet-mesh to application-platform,
radically changes our view of what is important to preserve on the net
and also changes the points where pressure may be applied for purposes
of imposing regulation/governance or creating anti-competitive regimes.

--karl--