[152437] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Nick Hilliard)
Sun Apr 29 16:09:00 2012
X-Envelope-To: <nanog@nanog.org>
Date: Sun, 29 Apr 2012 21:08:20 +0100
From: Nick Hilliard <nick@foobar.org>
To: nanog@nanog.org
In-Reply-To: <E2519DBA-2A15-48F4-B32C-A8C346BC1AE1@ripe.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 29/04/2012 16:16, Alex Band wrote:
> All in all, for an RPKI-specific court order to be effective in taking a
> network offline, the RIR would have to tamper with the registry, inject
> false data and try to make sure it's not detected so nobody applies a
> local override.
You mean, like an FBI domain seizure on the basis of a US court order?
Realistically, it doesn't matter a whole lot if the occasional network here
or there applies a local override. If their upstream transit provider
isn't carrying the prefix (on the basis of similar simultaneous court
orders), it's game over for that prefix.
Nick
