[153062] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Stephane Bortzmeyer)
Tue May 29 06:31:38 2012
Date: Tue, 29 May 2012 12:30:06 +0200
From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
To: Paul Vixie <vixie@isc.org>
In-Reply-To: <g38vgc81jj.fsf@nsa.vix.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Mon, May 28, 2012 at 08:59:28PM +0000,
Paul Vixie <vixie@isc.org> wrote
a message of 43 lines which said:
> ROVER expects that we will query for policy at the instant of
> need. that's nuts for a lot of reasons, one of which is its
> potentially and unmanageably circular dependency on the acceptance
> of a route you don't know how to accept or reject yet.
If someone starts to announce 2001:db8:f00::/48 *and* all the name
servers for 0.0.f.0.8.b.d.0.1.0.0.2.ip6.arpa are in 2001:db8:f00::/48,
then I suggest that he is wrong, not Rover...
