[153124] in North American Network Operators' Group
Re: rpki vs. secure dns?
daemon@ATHENA.MIT.EDU (Randy Bush)
Wed May 30 05:44:53 2012
Date: Wed, 30 May 2012 18:43:53 +0900
From: Randy Bush <randy@psg.com>
To: Paul Vixie <vixie@isc.org>
In-Reply-To: <4FC5AAEA.103@isc.org>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>> I would also ask people to expand their minds beyond the "it must
>> have a (near-)real-time mechanism" directly coupled to the Control
>> Plane" for a variety of reasons. Such a tight coupling of /any/ two
>> systems inevitably, and unfortunately, will only fail at scale in
>> ways that likely would never have been predicted a priori[1] --
> i think you're paying insufficient attention to this discussion, if
> you think that failure predictions have not already been well made
> with respect to the rover approach to routing security.
rfc 3439, the most complex document about simplicity you can imagine
randy
