[152453] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Dmitry Burkov)
Mon Apr 30 11:17:01 2012
From: Dmitry Burkov <dburk@burkov.aha.ru>
In-Reply-To: <DB5B6839-CB35-4227-B909-88BB84B54770@tcb.net>
Date: Mon, 30 Apr 2012 19:16:10 +0400
To: Danny McPherson <danny@tcb.net>
Cc: "nanog@nanog.org list" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Danny,=20
just one more comment.
So named vendor's support can be the worst case when there are no =
practical ways to deploy and it is absolutely
not clear - should we follow this hierarchical model - I think it is =
the key point as we pushed ourselves by inertia to this way of thinking.
Imho - it is way to nowhere in such form
We need more flexible, distributed architecture behind - no matter - =
which interests will be lobbied as we have got already.
On Apr 30, 2012, at 6:53 PM, Danny McPherson wrote:
>=20
> On Apr 28, 2012, at 6:34 AM, Alex Band wrote:
>=20
>> All in all, RPKI has really good traction and with native router =
support in Cisco, Juniper and Quagga, this is only getting better.=20
>=20
> We should be more careful with statements such as this, they're =
conflating important things that add to the confusion in this area.
>=20
> None of these implementations support "RPKI" today. What they support =
is a new protocol for onboarding routing policy data (some call this a =
[VRP], essentially prefix,origin bindings) into soft state in a router.
>=20
> -danny
>=20
> [VRP] https://ripe64.ripe.net/presentations/74-120417.sidr-origin.pdf
>=20
