On 1/21/2021 5:02 PM, Phillip Hallam-Baker wrote:
On Thu, Jan 21, 2021 at 2:56 PM Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
Putting two things together:
On 22-Jan-21 07:57, Phillip Hallam-Baker wrote:
...
> A ULA->Public key registry provides exactly the right degree of incentive. It allows us to take an area that is currently flaky as heck and make it 'just work'. That area is VPN access.
Yes, but afaik you (or I) can't claim ownership of random numbers. So if my ULA prefix is fd63:45eb:dc14::/48 and I provide a public key for it, what's to stop you using the same prefix and providing your own public key for it?
The registry undertakes to only issue each prefix once and bind it to a public key specified by the holder.
The registry publishes the allocation in an append only log which is attested by a blockchain type technique. So there is (almost) no scope for the registry to defect.
How do you protect the registry against a Sybil attack?
-- Christian Huitema
