nanog mailing list archives

Re: [arin-announce] ARIN Resource Certification Update


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 24 Jan 2011 23:35:46 -0500

On Mon, Jan 24, 2011 at 11:27 PM, Steven Bellovin <smb () cs columbia edu> wrote:
>
> On Jan 24, 2011, at 10:31 30PM, Christopher Morrow wrote:
>
>> it's not the best example, but I know that at UUNET there were plenty
>> of examples of the in-addr tree not really following the BGP path.
>
> The other essential point is that routers don't do RPKI queries in
> real-time; rather, they have a copy of the entire RPKI database, which
> they update as needed.  In other words, the operational model doesn't
> fit the way the DNS works.

sure, I was just adding fuel to jabley's in-addr graphing. thinking of
using DNS is tempting, but there seem to be some corner cases that
would cause hackery, so why not try to do it 'right' originally
instead of using that shoe-horn?

-chris
(eh.. for the record, I do participate in the SIDR-wg which is trying
to do this with the rPKI, so I am a little biased I suppose)

