[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rpki vs. secure dns?

Subject: rpki vs. secure dns?
From: drc at virtualized.org (David Conrad)
Date: Tue, 29 May 2012 07:21:35 -0700
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On May 29, 2012, at 4:02 AM, paul vixie wrote:
>>> i can tell more than that. rover is a system that only works at all
>>> when everything everywhere is working well, and when changes always
>>> come in perfect time-order,
>> Exactly like DNSSEC. 
> 
> no. dnssec for a response only needs that response's delegation and
> signing path to work, not "everything everywhere".

My impression was that ROVER does not need "everything, everywhere" to work to fetch the routing information for a particular prefix -- it merely needs sufficient routing information to follow the delegation and signing path for the prefix it is looking up. However, I'll admit I haven't looked into this in any particular depth so I'm probably wrong.

Regards,
-drc

Follow-Ups:
- rpki vs. secure dns?
  - From: alexb at ripe.net (Alex Band)

References:
- rpki vs. secure dns?
  - From: rdobbins at arbor.net (Dobbins, Roland)
- rpki vs. secure dns?
  - From: vixie at isc.org (Paul Vixie)
- rpki vs. secure dns?
  - From: drc at virtualized.org (David Conrad)
- rpki vs. secure dns?
  - From: vixie at isc.org (paul vixie)
- rpki vs. secure dns?
  - From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
- rpki vs. secure dns?
  - From: vixie at isc.org (paul vixie)

Prev by Date: Comcast Service for Non-Cap Bandwidth
Next by Date: Video streaming over IPv6
Previous by thread: rpki vs. secure dns?
Next by thread: rpki vs. secure dns?
Index(es):
- Date
- Thread