nanog mailing list archives
Re: [arin-announce] ARIN Resource Certification Update
From: Danny McPherson <danny () tcb net>
Date: Mon, 24 Jan 2011 21:24:06 -0500
On Jan 24, 2011, at 9:14 PM, Randy Bush wrote:
you want certificates etc? or did you plan to reuse dns keys?
I suspect the former, reusing much of the SIDR machinery perhaps, although....
if the former, than all you are discussing is changing the transport to make routing security rely on dns and dns security. not a really great plan.
Right, I've heard the circular dependency arguments. So, are you suggesting the RPKI isn't going to rely on DNS at all? I'm of the belief RPKI should NOT be on the critical path, but instead focus on Internet number resource certification - are you suggesting otherwise?
if the latter, then you have the problem that the dns trust model is not congruent with the routing and address trust model.
That could be easily fixed with trivial tweaks and transitive trust/ delegation graphs that are, I suspect. -danny
Current thread:
- Re: Fwd: [arin-announce] ARIN Resource Certification Update, (continued)
- Re: Fwd: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Joe Abley (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Roland Dobbins (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Richard Barnes (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Roland Dobbins (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Message not available
- Re: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 27)
- Re: Fwd: [arin-announce] ARIN Resource Certification Update Randy Bush (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Roland Dobbins (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Joe Abley (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Richard Barnes (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Danny McPherson (Jan 24)
- Re: [arin-announce] ARIN Resource Certification Update Christopher Morrow (Jan 24)