nanog mailing list archives

Re: rpki vs. secure dns?

From: Alex Band <alexb () ripe net>
Date: Sat, 28 Apr 2012 20:14:27 +0200


On 28 Apr 2012, at 19:45, Nick Hilliard wrote:

On 28/04/2012 18:27, Phil Regnauld wrote:

     To me that seems like the most obvious problem, but as Alex put it,
     "Everyone has the ability to apply an override on data they do not trust,
     or have a specific local policy for."


So what do you suggest to do with a roa lookup which returns "Invalid"?


In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 
15-17:

https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf

-Alex

Current thread:

Re: rpki vs. secure dns?, (continued)
- Re: rpki vs. secure dns? Matthias Waehlisch (Apr 28)
- Re: rpki vs. secure dns? Florian Weimer (Apr 28)
  - Re: rpki vs. secure dns? Randy Bush (Apr 28)
  - Re: rpki vs. secure dns? Alex Band (Apr 28)
    - Re: rpki vs. secure dns? Florian Weimer (Apr 28)
    - Re: rpki vs. secure dns? Alex Band (Apr 28)
    - Re: rpki vs. secure dns? Florian Weimer (Apr 28)
    - Re: rpki vs. secure dns? Nick Hilliard (Apr 28)
    - Re: rpki vs. secure dns? Phil Regnauld (Apr 28)
    - Re: rpki vs. secure dns? Nick Hilliard (Apr 28)
    - Re: rpki vs. secure dns? Alex Band (Apr 28)
    - Re: rpki vs. secure dns? Rubens Kuhl (Apr 28)
    - Re: rpki vs. secure dns? Phil Regnauld (Apr 28)
    - Re: rpki vs. secure dns? Alex Band (Apr 29)
    - Re: rpki vs. secure dns? Jennifer Rexford (Apr 29)
    - Message not available
    - Re: rpki vs. secure dns? Stephane Bortzmeyer (Apr 29)
    - Re: rpki vs. secure dns? Matthias Waehlisch (Apr 29)
    - Re: rpki vs. secure dns? David Conrad (Apr 29)
    - Re: rpki vs. secure dns? Alex Band (Apr 29)
    - Re: rpki vs. secure dns? Randy Bush (Apr 29)
    - Re: rpki vs. secure dns? Nick Hilliard (Apr 29)

(Thread continues...)