|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BGP to doom us all
On Fri, 28 Feb 2003, Vadim Antonov wrote: > > > > Thank you very much, but no. > > DNS (and DNSSEC) relies on working IP transport for its operation. Doesn't sBGP also have this problem? A catch-22 where you have to have good routing to get good routing? Or did I miss something? > > Now you effectively propose to make routing (and so operation of IP > transport) dependent on DNS(SEC). > > Am I the only one who sees the problem? > > --vadim > > PS. The only sane method for routing info validation I've seen so far is > the plain old public-key crypto signatures. > > > On 1 Mar 2003, Paul Vixie wrote: > > > > > It wouldn't be too hard for me to trust: > > > > > > 4969.24.origin.0.254.200.10.in-addr.arpa returning something like "true." > > > to check whether 4969 is allowed to originaate 10.200.254.0/24. ... > > > > at last, an application for dnssec! > >
|