At 07:25 PM 4/9/98 -0400, Scott Huddle wrote:
I have and remain unconvinced and/or confused ;) The proposal allows an operator to verify a valid origin AS for a given prefix (i.e. "config", sorry if I'm being loose with the word) by using the DNS system with "bgp.in-addr" extensions. I'm not sure which part of the random route announcement problem dnssec solves in this case? It can help with the "are they indeed who they say they are", but it doesn't solve the "are they supposed to be doing what they said that they're doing" case.
Has anyone benchmarked how long it will take to resolve 50,000 bgp.in-addr's after a line hiccup or a "clear ip bgp *"?
-Hank
And you didn't address my paranoia about not trusting the DNS ;)
-scott
you may wish to read the draft. it did not suggest using the dns to configure. and you may also want to look into dnssec.
randy