[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
rpki vs. secure dns?
On 28 Apr 2012, at 19:45, Nick Hilliard wrote:
> On 28/04/2012 18:27, Phil Regnauld wrote:
>> To me that seems like the most obvious problem, but as Alex put it,
>> "Everyone has the ability to apply an override on data they do not trust,
>> or have a specific local policy for."
>
> So what do you suggest to do with a roa lookup which returns "Invalid"?
In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 15-17:
https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf
-Alex