[135406] in North American Network Operators' Group
Re: [arin-announce] ARIN Resource Certification Update
daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Jan 24 21:14:14 2011
Date: Tue, 25 Jan 2011 11:14:28 +0900
From: Randy Bush <randy@psg.com>
To: Danny McPherson <danny@tcb.net>
In-Reply-To: <BA751A64-E737-436E-B210-A3A4BBDB6E69@tcb.net>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> I just don't like the notion of deploying a brand new system
you want certificates etc? or did you plan to reuse dns keys?
if the former, than all you are discussing is changing the transport to
make routing security rely on dns and dns security. not a really great
plan.
if the latter, then you have the problem that the dns trust model is not
congruent with the routing and address trust model.
randy
