PKI is all politics. A PKI is a political infrastructure. Saying that politics and business rules are out of scope when you propose a PKI design is basically saying that you aren't going to look at any of the issues that are relevant to the design.

Sandra Murphy is right when she says that political and business fears don't have to be rooted in 'technical truth' (whatever that is). They do not have to be grounded in any form of reality. They can be completely and utterly unreasonable. And they can be held by people who have the ability to totally block any chance of deployment. 'Trust me' is not a convincing argument in this context.

Unless you hadn't noticed, cyber-conflict is now real. Back during the last US Presidential election I was advised that both campaigns had been penetrated in attacks originating from a Chinese government agency. The examples that are making the press are only some of the attacks taking place. Attacks originating in the US do not get as much attention.

In this environment it seems rather naive to believe that these parties can be persuaded to acquiesce to the deployment of a PKI that requires their participation.

Not changing the political or business relationships of the parties has to be a criterion in the design of any global information infrastructure if deployment is going to have a chance of success.

On Mon, Feb 15, 2010 at 7:01 PM, SM <sm@xxxxxxxxxxxx> wrote:
> At 16:50 14-02-10, Masataka Ohta wrote:
>>
>> Perhaps, a threat will be by an ISP trying to advertise someone
>> else's address range as its own.
>
> Quoting Sandra Murphy [1]:
>
> "Political and business fears don't have to be rooted in technical
> truth, unfortunately."
>
> At 19:48 14-02-10, Phillip Hallam-Baker wrote:
>>
>> I don't think that any member of the IAB would claim that their
>> expertise in the PKI field precluded debate.
>
> Your message did not make it to the IETF mailing list.
>
> I am not privy to all the details to argue against an IAB statement. This
> should not be read as a licence to kill. :-)
>
>> This is not a technical issue, it is a political issue. IANA and ICANN
>> have a really, really bad record when it comes to setting up root
>> authorities. Any plan that requires their involvement is going to take
>> considerably more time and effort than one where their involvement is
>> optional.
>
> Any long-term consequence will be of a political nature. It goes beyond the
> IANA function and ICANN. The conventional world is used to having some form
> of authority for regulation. The "routing by rumor" approach does not fit
> that view. Some considerations may seem far-fetched. I'll leave it as
> such.
>
>> There are five RIRs, this number is not going to increase in the short
>> term. Participation of the RIRs is critical for an authoritative
>> system. Participation of ICANN is not.
>
> It's up to the interested parties to work out the details.
>
>> The risk of including ICANN is that misguided or not, there are lots
>> of people who have concerns as to the power that the US exercises over
>> the Internet through their de facto control of ICANN. One common
>> concern is that the US could use such control to ensure that US ISPs
>> were favored in the distribution of the remaining IPv4 blocks.
>
> I don't think that the distribution of the remaining IPv4 blocks is that
> much of an issue.
>
> I would not draw parallels between DNS and IDR as the dynamics are
> different. I don't assume that the goal is always about wreaking havoc.
> These are classic threats that RPKI can address.
>
> Regards,
> -sm
>
> 1. http://www.ietf.org/mail-archive/web/sidr/current/msg01099.html
>

--
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf