[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
..."my" Internet... snicker :)
On Mon, Oct 03, 2011 at 10:30:47AM -0400, Todd Underwood wrote:
> > User Exercise: What happens when you enable integrity checking in an
> > application (e.g., 'dnssec-validation auto') and datapath manipulation
> > persists? Bonus points for analysis of implementation and deployment
> > behaviors and resulting systemic effects.
> >
>
> i agree with danny here.
>
> ignoring randy (and others) off-topic comments about hypocrisy, this
> situation is fundamentally a situation of bad (or different) network
> policy being applied outside of its scope. i would prefer that china
> not censor the internet, sure. but i really require that china not
> censor *my* internet when i'm not in china.
>
> t
well, not to disagree - BUT.... the sole reason we have
BGP and use ASNs the way we do is to ensure/enforce local
policy. It is, after all, an AUTONOMOUS SYSTEM number.
One sets policy at its boundaries on what/how to accept/reject/modify
traffic crossing the boundary.
If you dont -like- the ASN policy - then don't use/traverse that
ASN.
and rPKI has the same problems as DNSSEC. lack of uniform use/implementation
is going to be a huge party - full of fun & games.
/bill