nanog mailing list archives
Re: AS8584 taking over the internet
From: "Sean M. Doran" <smd () clock org>
Date: Thu, 9 Apr 1998 16:36:19 -0700
Scott, the DNS is in this use simply a distributed database, that with DNSSEC seems reasonably secure.

The hierarchy in the DNS-protocol-using distributed database used for IP address to origin AS mapping need not branch off the DNS-protocol-using distributed database used for domain name->address mapping and the like, which we normally just call the DNS.

Remember moreover that what one is doing is simply grabbing entries from a distributed database which can be used to synthesize a table which would be consulted by BGP border routers in determining whether to accept or reject a route.

One could conceivably have a single zone which could be snarfed from well known places using the latest in authenticated file transfers. However, decentralization of work already happens in the transfer of IP address blocks from regional registries to local registries to more local registries still, and it seems to make sense to simultaneously distribute the work of maintaining the address-block-to-originating-AS map as well.

Therefore, what one wants is a "root" which one can find at well known places and can retrieve using the latest in authenticated file transfers, and which allows one to follow an authenticated tree of delegated zones in building a local table of mappings.

Whether this "root" is really a parallel "." or something else seems academic; one will require the same mechanism to retrieve a cryptographically-authenticated copy of the "root" from well known sources that can prove, cryptographically, who they are.

The solution proposed is incomplete, certainly, but not because of possible political instabilities in what we call the DNS.

I am not sure why you raise the issue of trusting IP registries to delegate authority for any given subzone along with the addresses themselves. This doesn't seem to make sense. Perhaps you could explain this concern a little more concretely?

Sean.
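
Added example, not part of the original message: a sketch of the walk the message describes, starting from an authenticated "root", following authenticated delegations, and synthesizing a prefix-to-origin-AS table that a route filter consults. Assumptions: SHA-256 digest pinning stands in for DNSSEC signatures and for the authenticated retrieval of the root; the zone format, zone names, prefixes and AS numbers are constructed; rejecting routes that no entry covers is a policy choice made here.

```python
import hashlib, ipaddress, json

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def zone(origins, delegations=None):
    # Serialise a constructed zone: prefix -> origin AS, plus child delegations.
    return json.dumps({"origins": origins, "delegations": delegations or {}},
                      sort_keys=True).encode()

# Constructed sample data (documentation prefixes, private-use AS numbers).
LOCAL = zone({"192.0.2.0/25": 64501, "192.0.2.128/25": 64502})
GREEDY = zone({"198.51.100.0/25": 64503, "203.0.113.0/24": 64666})  # 2nd entry is outside its block
ROOT = zone({"203.0.113.0/24": 64500},
            {"192.0.2.0/24": ["local", digest(LOCAL)],
             "198.51.100.0/24": ["greedy", digest(GREEDY)]})
STORE = {"root": ROOT, "local": LOCAL, "greedy": GREEDY}  # stands in for remote retrieval

def build_table(name, expected, store, within=None, table=None):
    # Follow the delegation tree; a zone counts only if its parent vouched for its digest.
    table = {} if table is None else table
    blob = store.get(name)
    if blob is None or digest(blob) != expected:
        return table  # unauthenticated zone: ignore it and everything below it
    data = json.loads(blob)
    for prefix, asn in data["origins"].items():
        net = ipaddress.ip_network(prefix)
        if within is None or net.subnet_of(within):  # no claims outside the delegated block
            table[net] = asn
    for prefix, (child, child_digest) in data["delegations"].items():
        net = ipaddress.ip_network(prefix)
        if within is None or net.subnet_of(within):
            build_table(child, child_digest, store, net, table)
    return table

def accept_route(table, prefix, origin_as):
    # Accept only if the most specific covering entry names this origin AS.
    net = ipaddress.ip_network(prefix)
    covering = [n for n in table if net.subnet_of(n)]
    if not covering:
        return False  # assumption: unknown address space is rejected
    return table[max(covering, key=lambda n: n.prefixlen)] == origin_as

TABLE = build_table("root", digest(ROOT), STORE)  # root digest obtained out of band
```
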