Sharon,
-- We show that it is possible to revoke a ROA surreptitiously,
through methods other than (the obvious) revocation lists. See Section
2.2.1 of the report.
The terminology above is not quite correct, since only one of the five
"methods" results in revocation per se. I suggest using the technical
term "whacking" instead. (You're a Princeton grad, so a NJ-inspired term
of this sort seems appropriate :-.)

Nonetheless, all of the methods for whacking a ROA described in the paper are detectable by anyone who monitors the RPKI. One might argue that each resource holder should monitor his/her RPKI pub point to detect any action that causes one's ROA to become unverifiable. That's a very easy check to perform. Also, the scenario addressed in 2.2.1 is specific to a very narrowly-defined class of resource holders who elected the third of three approaches (not the preferred approach) to participating in the RPKI.
-- We show that targeted revocation can be accomplished by entities
other than a ROA's issuer, some of which may control many ROAs. The
means by which this is accomplished often looks similar to
grandparenting. See Sections 2.2.2, 2.2.3, and 2.3 of the report.
As above, the actions described in these sections are all easily detectable by the targeted entity. So, the question is what that entity would/could do if it detects this sort of activity by its parent (or grandparent). Unless the parent was compelled to whack a ROA by a LEO, there is likely to be a legal remedy that can be invoked. If a LEO is involved, then the situation is more complex, but I've been working on a memo that describes remedies for that context as well. I'll share it when it's been vetted by some more folks.

Steve

_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
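
The monitoring check mentioned in the message above, sketched as an added example (not part of the original message or of any RPKI tool): a resource holder compares its baseline ROAs against a later relying-party validator run and reports each ROA that no longer validates, together with the RFC 6811 origin-validation state its route falls into. The JSON field names, the function names, and the sample ASNs and prefixes are constructed assumptions.

```python
import ipaddress
import json

# Constructed validator output from two runs; the JSON field names are assumptions.
BEFORE = json.dumps({"roas": [
    {"asn": "AS64500", "prefix": "203.0.113.0/24", "maxLength": 24},
    {"asn": "AS64500", "prefix": "2001:db8:1::/48", "maxLength": 48},
    {"asn": "AS64496", "prefix": "2001:db8::/32", "maxLength": 32},
]})
AFTER = json.dumps({"roas": [
    {"asn": "AS64496", "prefix": "2001:db8::/32", "maxLength": 32},
]})


def load_vrps(text):
    """Parse validator output into a set of (asn, network, max_length) tuples."""
    vrps = set()
    for roa in json.loads(text)["roas"]:
        asn = int(str(roa["asn"]).upper().replace("AS", ""))
        vrps.add((asn, ipaddress.ip_network(roa["prefix"]), int(roa["maxLength"])))
    return vrps


def my_roas(vrps, asn):
    """The holder's baseline: every VRP for its ASN, taken from a known-good run."""
    return {v for v in vrps if v[0] == asn}


def route_state(asn, net, vrps):
    """Origin-validation state (RFC 6811) of announcing `net` from `asn`."""
    covering = [v for v in vrps
                if v[1].version == net.version and net.subnet_of(v[1])]
    if any(v[0] == asn and net.prefixlen <= v[2] for v in covering):
        return "valid"
    return "invalid" if covering else "not-found"


def whacked(expected, validated):
    """Return (prefix, asn, state) for every expected ROA missing from `validated`."""
    findings = []
    for asn, net, _max_len in sorted(expected - validated, key=str):
        findings.append((str(net), asn, route_state(asn, net, validated)))
    return findings


if __name__ == "__main__":
    baseline = my_roas(load_vrps(BEFORE), 64500)
    for prefix, asn, state in whacked(baseline, load_vrps(AFTER)):
        print(f"ALERT: ROA {prefix} AS{asn} no longer validates; route is now {state}")
```

In the constructed data the IPv6 route ends up "invalid" rather than "not-found" because another ASN's covering ROA is still present, which is the case a holder would want flagged first.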