[145278] in North American Network Operators' Group
..."my" Internet... snicker :)
daemon@ATHENA.MIT.EDU (bmanning@vacation.karoshi.com)
Mon Oct 3 10:44:51 2011
Date: Mon, 3 Oct 2011 14:42:21 +0000
From: bmanning@vacation.karoshi.com
To: Todd Underwood <toddunder@gmail.com>
In-Reply-To: <CAB2RJyhtw=SNaQkDOgij=XS9iMtoQx2SyrPp8eXt-5Y7rmOTGQ@mail.gmail.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, Oct 03, 2011 at 10:30:47AM -0400, Todd Underwood wrote:
> > User Exercise: What happens when you enable integrity checking in an
> > application (e.g., 'dnssec-validation auto') and datapath manipulation
> > persists? Bonus points for analysis of implementation and deployment
> > behaviors and resulting systemic effects.
> >
>
> i agree with danny here.
>
> ignoring randy (and others) off-topic comments about hypocrisy, this
> situation is fundamentally a situation of bad (or different) network
> policy being applied outside of its scope. i would prefer that china
> not censor the internet, sure. but i really require that china not
> censor *my* internet when i'm not in china.
>
> t
well, not to disagree - BUT.... the sole reason we have
BGP and use ASNs the way we do is to ensure/enforce local
policy. It is, after all, an AUTONOMOUS SYSTEM number.
One sets policy at its boundaries on what/how to accept/reject/modify
traffic crossing the boundary.
If you dont -like- the ASN policy - then don't use/traverse that
ASN.
and rPKI has the same problems as DNSSEC. lack of uniform use/implementation
is going to be a huge party - full of fun & games.
/bill
