How do you propose to validate that the IPs that a given holder is claiming as them, really belong to them? There are existing repositories of routing information that are not linked to RIRs (e.g. RADB), they could easily create a CA and sign ROAs, some might even trust RADB enough to use it. But the issue with that (as it is with no-RIR IRR) is how to verify the right holders of an IP resource. Regards as On Wed, Nov 13, 2024 at 4:19 PM Arturo Servin <arturolev@google.com> wrote:

How do you propose to validate that the IPs that a given holder is claiming as them, really belong to them?

Regards as

On Wed, Nov 13, 2024 at 4:15 PM xiaoyu.net via Manrs-community < manrs-community@elists.manrs.org> wrote:

...

I think at least manrs.org should do something. Set up a certification node. To help those who are not LIRs but have IP addresses to easily deploy and update RPKI. Deploying RPKI should be easier and that is what we need to work towards. In addition, RIRs should be encouraged to open RPKI deployment to all those who own and manage IP for free.

From: "Brandon Z." <Brandon@huize.asia> To: Brandon Zhi <Brandon@huize.asia> Cc: North American Network Operators' Group <nanog@nanog.org>, manrs-community@elists.manrs.org Date: Wed, 13 Nov 2024 09:39:03 -0500 Subject: [manrs-community] Implementing Decentralized RPKI with Blockchain Technology

Hi there,

Currently, due to political factors, some countries are not particularly proactive in deploying RPKI. Imagine if the RIR of a region were forced to revoke all IP resources of a particular country from RPKI, effectively isolating that country from the global internet.

To address this, one approach is for autonomous networks within a region to establish two trusted RPKI CA servers: one from the major RIRs and another locally managed. The locally managed CA would take precedence, allowing autonomous networks to submit their IP resources to the RPKI server of their peers (and potentially backed by a national mandate to trust this CA). This setup could prevent a scenario where an entire country’s IP resources are revoked, leading to all IPs being marked as invalid.

Another concept is to use blockchain technology. While cryptocurrencies use computational power to verify ownership, BGP could use peer count. If an IP resource is marked as valid by a majority of high-influence networks (with many peers), it could be trusted by the entire internet.

Could this approach work? Perhaps there’s existing research on similar methods? *Brandon Z.* HUIZE LTD www.huize.asia <https://huize.asia/>| www.ixp.su | Twitter This e-mail and any attachments or any reproduction of this e-mail in whatever manner are confidential and for the use of the addressee(s) only. HUIZE LTD can’t take any liability and guarantee of the text of the email message and virus.

************************************

Our Mail Server Support IPv6 & IPv4

************************************ -- Manrs-community mailing list Manrs-community@elists.manrs.org https://elists.manrs.org/mailman/listinfo/manrs-community