[152460] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Apr 30 17:05:33 2012
From: Florian Weimer <fw@deneb.enyo.de>
To: Nanog <nanog@nanog.org>
Date: Mon, 30 Apr 2012 23:04:16 +0200
In-Reply-To: <E2519DBA-2A15-48F4-B32C-A8C346BC1AE1@ripe.net> (Alex Band's
message of "Sun, 29 Apr 2012 17:16:39 +0200")
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Alex Band:
> All in all, for an RPKI-specific court order to be effective in
> taking a network offline, the RIR would have to tamper with the
> registry, inject false data and try to make sure it's not detected
> so nobody applies a local override.
Please keep in mind that this is what's happening with DNS: registries
are not only forced by the courts to remove delegations, but to
delegate names to specific parties.
On the other hand, it's not entirely clear whether this is such a bad
thing.
