[135411] in North American Network Operators' Group

Re: [arin-announce] ARIN Resource Certification Update

daemon@ATHENA.MIT.EDU (Randy Bush)
Mon Jan 24 21:31:15 2011

Date: Tue, 25 Jan 2011 11:31:31 +0900
From: Randy Bush <randy@psg.com>
To: Danny McPherson <danny@tcb.net>
In-Reply-To: <01A0ED8C-B925-4748-89C0-95842A082EAC@tcb.net>
Cc: NANOG Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> Right, I've heard the circular dependency arguments.  So, are you
> suggesting the RPKI isn't going to rely on DNS at all?

correct.  it need not.

> I'm of the belief RPKI should NOT be on the critical path, but instead
> focus on Internet number resource certification - are you suggesting
> otherwise?

<channeling steve kent>
see the word 'certification'?  guess where that leads.  pki.  add
resources and stir.

>> if the latter, then you have the problem that the dns trust model is
>> not congruent with the routing and address trust model.
> That could be easily fixed with trivial tweaks and transitive trust/
> delegation graphs that are, I suspect.

not bloody likely.  the folk who sign dns zones are not even in the same
building as the folk who deal with address space.  in large isps, not
even in the same town.

randy

