The reason that the existing BGP setup is so barebones (that is, lacking in any meaningful security beyond simple route filtering) is because introducing more complexity is failure-prone... and not just from error or misconfiguration either. Outages, propagation, malice... there are a lot of ways in which this could break and make things less reliable than they are now.
My main concern is censorship. This would allow the RIRs, via revocations or failures-to-renew a cert for a given address space, to knock a network off of the internet without further human intervention on the part of the peers to which the censored party is directly connected.
Give them this tooling, and their national governments or militaries will demand its use when they are sufficiently angered, agitated, or threatened.
Can you really imagine the US military or DoJ not demanding RIRs use such a tool against e.g. an AS hosting Wikileaks or Snowden files or The Shadow Brokers?
I'm not sure that the current insecure BGP model is broken enough to warrant introducing this new cryptographic fail-closed failure mode.