25 Jan
2011
25 Jan
'11
2:21 a.m.
On Mon, Jan 24, 2011 at 9:16 PM, Danny McPherson <danny@tcb.net> wrote:
On Jan 24, 2011, at 9:02 PM, Joe Abley wrote:
In this case the DNS delegations go directly from RIR to C; there's no opportunity for A or B to sign intermediate zones, and hence no opportunity for them to indicate the legitimacy of the allocation.
As a thought experiment, how would you see this working?
New prefix-based RRs? And perhaps even a new .arpa or in-addr.arpa subdomain, the draft Randy referenced even discussed the latter, IIRC.
-danny
The more you have to invent, though, the more this sounds like a bike-shed discussion. s/DNSSEC/X.509/g s/delegating reverse "prefix" zone/signing RPKI delegation certificate/g