[135404] in North American Network Operators' Group
Re: [arin-announce] ARIN Resource Certification Update
daemon@ATHENA.MIT.EDU (Joe Abley)
Mon Jan 24 21:07:11 2011
From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <BA751A64-E737-436E-B210-A3A4BBDB6E69@tcb.net>
Date: Mon, 24 Jan 2011 21:06:54 -0500
To: Danny McPherson <danny@tcb.net>
X-SA-Exim-Mail-From: jabley@hopcount.ca
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2011-01-24, at 20:59, Danny McPherson wrote:
> On Jan 24, 2011, at 8:48 PM, Randy Bush wrote:
>=20
>>> And now that DNSSEC is deployed
>>=20
>> and you are not sharing what you are smoking
>=20
> root and .arpa are signed, well on the way, particularly relative=20
> to RPKI.
>=20
> Incremental cost of signing in-addr.arpa using a deployed DNS=20
> system as opposed to continuing development, deployment and=20
> operationalizing and dealing with all the political issues with=20
> deploying a new RPKI system -- hrmm.
IN-ADDR.ARPA will be signed relatively soon, as part of the work =
described here:
http://in-addr-transition.icann.org/
Timeline to follow, here and other similar lists, some time relatively =
soon. But I'm curious about your thoughts on the case I mentioned in my =
last message. I don't think the existence of a secure delegation chain =
from the root down to operator of the last sub-allocated address block =
is all that is required, here.
Joe=
