On Aug 14, 2008, at 10:59 PM, David Conrad wrote:
Yep. IANA does indeed have a limited operational role in the DNS (in that currently IANA directly operates .int, ip6.arpa, urn.arpa, uri.arpa, and iris.arpa) and no direct operational role in routing.
Of course, the statement was about the authority and delegation model, not about operational roles. ... Not sure it is 'the most fundamental change', but it is indeed a significant change. That's sort of the point: RPKI is designed to allow for validation which isn't possible now. ... Indeed. And if RPKI is deployed in a way that is useful for validation of routing announcements in real time, this will obviously change, regardless of whether there is a single root for the address space or multiple roots. However, it seems to me that the decision as to whether there is a single root or multiple roots is deeply rooted (pun intended) in layer 9.
But perhaps that's just me.
OK, so we were talking past one another. I agree with everything you said above, and simply meant to highlight the fact that RPKI validation will change things (quite necessarily, IMO), and folks need to be paying attention to this. -danny