[135409] in North American Network Operators' Group
Re: [arin-announce] ARIN Resource Certification Update
daemon@ATHENA.MIT.EDU (Richard Barnes)
Mon Jan 24 21:21:21 2011
In-Reply-To: <BD1C3FBF-F5E5-4D8A-A95F-263255EA8E0C@tcb.net>
Date: Mon, 24 Jan 2011 21:21:15 -0500
From: Richard Barnes <richard.barnes@gmail.com>
To: Danny McPherson <danny@tcb.net>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Jan 24, 2011 at 9:16 PM, Danny McPherson <danny@tcb.net> wrote:
>
> On Jan 24, 2011, at 9:02 PM, Joe Abley wrote:
>>
>> In this case the DNS delegations go directly from RIR to C; there's no o=
pportunity for A or B to sign intermediate zones, and hence no opportunity =
for them to indicate the legitimacy of the allocation.
>>
>> As a thought experiment, how would you see this working?
>
> New prefix-based RRs? =A0And perhaps even a new .arpa or
> in-addr.arpa subdomain, the draft Randy referenced even
> discussed the latter, IIRC.
>
> -danny
The more you have to invent, though, the more this sounds like a
bike-shed discussion.
s/DNSSEC/X.509/g
s/delegating reverse "prefix" zone/signing RPKI delegation certificate/g
