nanog mailing list archives
Re: ROVER routing security - its not enumeration
From: Shane Amante <shane () castlepoint net>
Date: Tue, 5 Jun 2012 13:26:32 -0600
One correction below. On Jun 5, 2012, at 12:42 PM, Daniel Massey wrote: [--snip--]
I think the first step is to step back and ask whether every operational model needs enumeration. For example, the talk yesterday by Level3 used the DNS and IRR did not need such an enumeration.
To clarify the above, the IRR _does_ provide an enumerated list of "Candidate" (IP prefix + Origin_AS) pairs. The second step is to walk through those "Candidate" pairs and ask DNSSEC, in question/answer process, to validate that the "Candidate" IRR (IP prefix, Origin_AS) pairs are authentic, or not. So, considering each step independently: the former (IRR data) is enumeration, the second is not. However, in the context of this specific operational model, the end result is an enumerated list of validated (IP Prefix, Origin_AS) pairs. -shane
Current thread:
- ROVER routing security - its not enumeration Daniel Massey (Jun 05)
- Re: ROVER routing security - its not enumeration Shane Amante (Jun 05)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Christopher Morrow (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Randy Bush (Jun 05)
- Re: ROVER routing security - its not enumeration Doug Montgomery (Jun 06)
- Re: ROVER routing security - its not enumeration Paul Vixie (Jun 10)
- Re: ROVER routing security - its not enumeration Doug Montgomery (Jun 11)