[152440] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Randy Bush)
Sun Apr 29 17:39:41 2012
Date: Sun, 29 Apr 2012 17:39:06 -0400
From: Randy Bush <randy@psg.com>
To: David Conrad <drc@virtualized.org>
In-Reply-To: <C52DD1FB-987B-466B-AB00-9098608B67BC@virtualized.org>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> As Randy points out, this is not unique to SIDR-defined RPKI. It is
> applicable to any top-down hierarchical authorization mechanism.
> Security has (non-monetary) costs.
as this derives from address space ownership's dependence on the current
hierarchic administrative allocation model, to fix it merely change the
administrative model or our trust model that depends on that hierarchy.
randy
