Re: AS8584 taking over the internet
I have and remain unconvinced and or confused ;) The proposal allows an operator to verify a valid origin AS for a given prefix (i.e. "config" sorry if I'm being loose with the word) by using the DNS system with "bgp.in-addr" extensions. I'm not sure which part of the random route announcement problem that dnssec solves in this case? It can help with the "are they indeed are who they say they are", but it doesn't solve the "are they supposed to be doing what they said that they're doing" case. And you didn't address my paranoia about not trusting the DNS ;) -scott
you may wish to read the draft. it did not suggest using the dns to configure. and you may also want to look into dnssec.
randy
I have and remain unconvinced and or confused ;)
inclusive or exclusive or? :-)
I'm not sure which part of the random route announcement problem that dnssec solves in this case?
the draft sans dnssec, addresses, or is meant to address, the subject of this thread. it would have prevented the problem in the subject of this message, 7007, uunet leaking 128/9, ... dnssec, in this context, is meant to address
my paranoia about not trusting the DNS
randy
participants (2)
-
Randy Bush -
Scott Huddle