[address-policy-wg] Re: the implications of RPKI certificate revokation
- Previous message (by thread): [address-policy-wg] the implications of RPKI certificate revokation
- Next message (by thread): [address-policy-wg] Re: the implications of RPKI certificate revokation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Nisbet
brian.nisbet at heanet.ie
Thu May 5 10:21:55 CEST 2011
On 05/05/2011 08:45, Jim Reid wrote: > On 4 May 2011, at 17:24, Brian Nisbet wrote: > >> You seem to be imagining a scenario where a national governement would >> just ring up the NCC and say, "revoke these certs." I have seen no >> evidence to suggest this risk is anything close to real. > > I suppose this depends on the definition of "real" and "evidence" Brian. > > If the NCC gets told to revoke a cert -- eg via a Dutch court order or > equivalent -- it will have to do that. It would be sensible to assume > that well-funded and/or litigious organisations might well be minded to > pursue that avenue if they think getting a cert revoked will either > disrupt or shut down some activities they dislike. Or bury their > opponents in legal costs before it gets to the point where a court order > gets issued. Certificates for routing will provide another vector for > these sorts of layer-9 and up attacks. IMO it's foolish to assume or > pretend otherwise. My point was not that the cert could not be revoked (although Sander's follow-up post would suggest that might be the case), rather that it would be a long and difficult process. Certainly far, far more difficult than a government picking up the phone and saying "We are in a state of national emergency/rebellion/worried our citizens are learning things, shut down the Internet now." Brian.
- Previous message (by thread): [address-policy-wg] the implications of RPKI certificate revokation
- Next message (by thread): [address-policy-wg] Re: the implications of RPKI certificate revokation
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]