nanog mailing list archives

Re: New addresses for b.root-servers.net


From: Matt Corallo <nanog () as397444 net>
Date: Tue, 20 Jun 2023 14:54:00 -0700



On 6/19/23 8:08 PM, Masataka Ohta wrote:
> Matt Corallo wrote:
>> This is totally unrelated to the question at hand. There wasn't a question about whether a user relying on trusted authorities can maybe be whacked by said trusted authorities (though there's been a ton of work in this space, most notably requiring CT these days),
>
> So, let's recognize ISPs as trusted authorities and
> we are reasonably safe without excessive cost to
> support DNSSEC with all the untrustworthy hypes of
> HSMs and four-eyes principle.

I think this list probably has a few things to say about "ISPs as trusted authorities" - is everyone on this list already announcing and enforcing an exact ASPA policy (or BGPSec or so) and ensuring the full path for each packet they send is secure and robust to ensure it gets to its proper destination?

Somehow I don't think this model is workable, but what do I know, I was just responding to someone on this list who mentioned it was dumb to rely on IP destination as being secure :)

Matt

