[153071] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (David Conrad)
Tue May 29 10:22:37 2012
From: David Conrad <drc@virtualized.org>
In-Reply-To: <4FC4ACCE.6000903@isc.org>
Date: Tue, 29 May 2012 07:21:35 -0700
To: paul vixie <vixie@isc.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On May 29, 2012, at 4:02 AM, paul vixie wrote:
>>> i can tell more than that. rover is a system that only works at all
>>> when everything everywhere is working well, and when changes always
>>> come in perfect time-order,
>> Exactly like DNSSEC.=20
>=20
> no. dnssec for a response only needs that response's delegation and
> signing path to work, not "everything everywhere".
My impression was that ROVER does not need "everything, everywhere" to =
work to fetch the routing information for a particular prefix -- it =
merely needs sufficient routing information to follow the delegation and =
signing path for the prefix it is looking up. However, I'll admit I =
haven't looked into this in any particular depth so I'm probably wrong.
Regards,
-drc
