[153034] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (David Conrad)
Mon May 28 17:43:17 2012
From: David Conrad <drc@virtualized.org>
In-Reply-To: <g38vgc81jj.fsf@nsa.vix.com>
Date: Mon, 28 May 2012 14:42:40 -0700
To: Paul Vixie <vixie@isc.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 28, 2012, at 1:59 PM, Paul Vixie wrote:
> third, rsync's dependencies on routing (as in the RPKI+ROA case) are not
> circular (which i think was david conrad's point but i'll drag it to here.)
Nope. My point was that anything that uses the Internet to fetch the
data (including rsync) has a circular dependency on routing. It's just a
question of timing.
> ROVER expects that we will query for policy at the instant of need.
Might want to review
https://ripe64.ripe.net/presentations/57-ROVER_RIPE_Apr_2012.pdf,
particularly the slide entitled "Avoid a Cyclic Dependency".
As far as I can tell, ROVER is simply Yet Another RPKI Access Method
like rsync and bittorrent with its own positives and negatives.
Regards,
-drc