nanog mailing list archives

Previous By Date Next
Previous By Thread Next

..."my" Internet... snicker :)

From: bmanning () vacation karoshi com
Date: Mon, 3 Oct 2011 14:42:21 +0000
On Mon, Oct 03, 2011 at 10:30:47AM -0400, Todd Underwood wrote:

User Exercise:  What happens when you enable integrity checking in an
application (e.g., 'dnssec-validation auto') and datapath manipulation
persists?  Bonus points for analysis of implementation and deployment
behaviors and resulting systemic effects.



i agree with danny here.

ignoring randy (and others) off-topic comments about hypocrisy, this
situation is fundamentally a situation of bad (or different) network
policy being applied outside of its scope.  i would prefer that china
not censor the internet, sure.  but i really require that china not
censor *my* internet when i'm not in china.

t


        well, not to disagree - BUT....  the sole reason we have
        BGP and use ASNs the way we do is to ensure/enforce local
        policy.  It is, after all, an AUTONOMOUS SYSTEM number.
        One sets policy at its boundaries on what/how to accept/reject/modify
        traffic crossing the boundary.

        If you dont -like- the ASN policy - then don't use/traverse that
        ASN. 

        and rPKI has the same problems as DNSSEC.  lack of uniform use/implementation
        is going to be a huge party - full of fun & games.

/bill
Previous By Date Next
Previous By Thread Next

Current thread: