[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rpki vs. secure dns?

Subject: rpki vs. secure dns?
From: regnauld at nsrc.org (Phil Regnauld)
Date: Sat, 28 Apr 2012 21:28:43 +0200
In-reply-to: <CAGFn2k3J1M=8CLZuRZJDSPkoerPXVRW2tdbpj923hQHNaKWtiA@mail.gmail.com>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <CAGFn2k3J1M=8CLZuRZJDSPkoerPXVRW2tdbpj923hQHNaKWtiA@mail.gmail.com>

Rubens Kuhl (rubensk) writes:
> > In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 15-17:
> >
> > https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf
> 
> The same currently happens with DNSSEC, doing what Comcast calls
> "negative trust anchors":
> http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01

	Yes, NTAs was the comparison that came to my mind as well. Or even
	in classic DNS, overriding with stubs. You will get bitten by a bogus/
	flawed ROA, but you'll have to the chance to mitigate it. Any kind of
	centralized mechanism like this is subject to these risks, no matter
	what the distribution mechanism is.

Follow-Ups:
- rpki vs. secure dns?
  - From: alexb at ripe.net (Alex Band)

References:
- rpki vs. secure dns?
  - From: vixie at isc.org (Paul Vixie)
- rpki vs. secure dns?
  - From: fw at deneb.enyo.de (Florian Weimer)
- rpki vs. secure dns?
  - From: alexb at ripe.net (Alex Band)
- rpki vs. secure dns?
  - From: fw at deneb.enyo.de (Florian Weimer)
- rpki vs. secure dns?
  - From: alexb at ripe.net (Alex Band)
- rpki vs. secure dns?
  - From: nick at foobar.org (Nick Hilliard)
- rpki vs. secure dns?
  - From: regnauld at nsrc.org (Phil Regnauld)
- rpki vs. secure dns?
  - From: nick at foobar.org (Nick Hilliard)
- rpki vs. secure dns?
  - From: alexb at ripe.net (Alex Band)
- rpki vs. secure dns?
  - From: rubensk at gmail.com (Rubens Kuhl)

Prev by Date: rpki vs. secure dns?
Next by Date: Juniper MX960 with SCB-E vs Cisco ASR9k with RSP400
Previous by thread: rpki vs. secure dns?
Next by thread: rpki vs. secure dns?
Index(es):
- Date
- Thread