nanog mailing list archives

Re: rpki vs. secure dns?


From: paul vixie <vixie () isc org>
Date: Tue, 29 May 2012 11:02:38 +0000

On 5/29/2012 10:27 AM, Stephane Bortzmeyer wrote:
> On Mon, May 28, 2012 at 10:01:59PM +0000,
>  paul vixie <vixie () isc org> wrote
>  a message of 37 lines which said:
>
>> i can tell more than that. rover is a system that only works at all
>> when everything everywhere is working well, and when changes always
>> come in perfect time-order,
> Exactly like DNSSEC.

no. dnssec for a response only needs that response's delegation and
signing path to work, not "everything everywhere".

> So, DNSSEC is doomed :-)

i hope not. if we had to start over on something that can protect the
cache against trivial pollution and also enable new applications like
DANE, we'd be ten years from first prototype instead of ten years from
ubiquity.

paul

