[152427] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Rubens Kuhl)
Sat Apr 28 15:22:17 2012
In-Reply-To: <99047008-B5DE-48DA-AD21-700C3CB7B8C5@ripe.net>
Date: Sat, 28 Apr 2012 16:21:34 -0300
From: Rubens Kuhl <rubensk@gmail.com>
To: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 15-17:
>
> https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf
The same currently happens with DNSSEC, doing what Comcast calls
"negative trust anchors":
http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01
Rubens
