nanog mailing list archives
Re: rpki vs. secure dns?
From: Russ White <russw () riw us>
Date: Tue, 01 May 2012 07:19:52 -0400
Randy:
as i agree that there is a problem, i *very* eagerly await your proposal
Reality: A few years back there were a half a dozen options proposed. soBGP, pgBGP, IRR based solutions, etc. Just recently PSVs were discussed and dismissed as a live option. Why? 1. Only S-BGP/BGP-SEC will solve the "man in the middle attack," within the parameter of "I won't ever tell anyone what any of my policies are!" This single requirement --solving one specific policy issue without advertising policy-- has been the center pin of the entire discussion for a number of years. 2. Any time someone proposed something different, long threads ensue with lots of talk about how these folks don't know what they're talking about, etc., but which contain very little technical discussion, or thoughts on tradeoffs, etc. Any technical discussion is limited to taking out the "man in the middle attack," and beating it over the heads of those making the proposal --repeatedly. So the bottom line is this: The current requirements were written around the ability of one particular solution to solve one particular policy issue in a way that's acceptable to a very small set of operators. A single root has been a requirement for a long time, as well --we had this discussion a very long time ago. No other solution proposed had a single root, and S-BGP/BGP-SEC didn't have to use a single root. But a single root somehow made it into the requirements, and it's stayed there ever since. If you want honestly more options, go back and rethink your requirements. Russ
Current thread:
- Re: rpki vs. secure dns? Russ White (May 01)
- <Possible follow-ups>
- Re: rpki vs. secure dns? Dobbins, Roland (May 01)
- Re: rpki vs. secure dns? David Conrad (May 01)
- Re: rpki vs. secure dns? Dobbins, Roland (May 01)
- Re: rpki vs. secure dns? David Conrad (May 01)
- Re: rpki vs. secure dns? David Conrad (May 01)
- Re: rpki vs. secure dns? Dobbins, Roland (May 01)
- Re: rpki vs. secure dns? Russ White (May 01)
- Re: rpki vs. secure dns? Dobbins, Roland (May 01)
- Re: rpki vs. secure dns? Paul Vixie (May 28)
- Re: rpki vs. secure dns? David Conrad (May 28)
- Re: rpki vs. secure dns? paul vixie (May 28)
- Re: rpki vs. secure dns? Russ White (May 01)