For example, RIPE has route6 and inet6num. It can be queried and verified at any time.RIPE now has a large number of people who are not LIRs but actually use IP networks. I mean promoting security should be available to everyone. Since you are assigning IP addresses to non-LIRs for use, you should provide security capabilities to anyone who actually manages the use of the IP addresses.
 
From: Arturo Servin <arturolev@google.com>
To: "xiaoyu.net" <yon@xiaoyu.net>
Cc: manrs-community@elists.manrs.org
Date: Wed, 13 Nov 2024 16:19:46 +0100
Subject: Re: [manrs-community] Implementing Decentralized RPKI with Blockchain Technology
 
 
How do you propose to validate that the IPs that a given holder is claiming as them, really belong to them?
 
Regards
as
 
On Wed, Nov 13, 2024 at 4:15 PM xiaoyu.net via Manrs-community <manrs-community@elists.manrs.org> wrote:
 
    I think at least manrs.org should do something. Set up a certification node. To help those who are not LIRs but have IP addresses to easily deploy and update RPKI. Deploying RPKI should be easier and that is what we need to work towards. In addition, RIRs should be encouraged to open RPKI deployment to all those who own and manage IP for free.
 
 
From: "Brandon Z." <Brandon@huize.asia>
To: Brandon Zhi <Brandon@huize.asia>
Cc: North American Network Operators' Group <nanog@nanog.org>, manrs-community@elists.manrs.org
Date: Wed, 13 Nov 2024 09:39:03 -0500
Subject: [manrs-community] Implementing Decentralized RPKI with Blockchain Technology
 
Hi there,

Currently, due to political factors, some countries are not particularly proactive in deploying RPKI. Imagine if the RIR of a region were forced to revoke all IP resources of a particular country from RPKI, effectively isolating that country from the global internet.

To address this, one approach is for autonomous networks within a region to establish two trusted RPKI CA servers: one from the major RIRs and another locally managed. The locally managed CA would take precedence, allowing autonomous networks to submit their IP resources to the RPKI server of their peers (and potentially backed by a national mandate to trust this CA). This setup could prevent a scenario where an entire country’s IP resources are revoked, leading to all IPs being marked as invalid.

Another concept is to use blockchain technology. While cryptocurrencies use computational power to verify ownership, BGP could use peer count. If an IP resource is marked as valid by a majority of high-influence networks (with many peers), it could be trusted by the entire internet.

Could this approach work? Perhaps there’s existing research on similar methods?
Brandon Z.
HUIZE LTD
This e-mail and any attachments or any reproduction of this e-mail in whatever manner are confidential and for the use of the addressee(s) only. HUIZE LTD can’t take any liability and guarantee of the text of the email message and virus.

************************************

Our Mail Server Support IPv6 & IPv4

************************************
--
Manrs-community mailing list
Manrs-community@elists.manrs.org
https://elists.manrs.org/mailman/listinfo/manrs-community

************************************

Our Mail Server Support IPv6 & IPv4

************************************