soBGP deployment

Edward Lewis Ed.Lewis at neustar.biz
Mon May 23 18:33:32 UTC 2005


At 14:00 -0400 5/23/05, Daniel Golding wrote:

My reply is mostly tongue-in-cheek.  I think it's always healthy to 
explore alternatives.

>Why not do something simple? The in-addr.arpa reverse delegation tree is
>pretty accurate. We use it for lots of different things. Why not just give
>IP address blocks a new RR (or use a TXT record) to identify ASN? This
>solves the biggest problem we have right now, which is stealing of address
>blocks. It requires little processor overhead, and only a few additional DNS
>lookups. It's reasonably foolproof.

I'll ignore that you said "(or use a TXT record)". ;)

Without DNSSEC, what does this buy?  "Secure" information on a 
non-secure channel.

If, by "stealing addresses" you mean that the RIR records are 
changed, then changing the name servers is trivial - changing to 
servers that have the hijacker's preferred data (or none!).

>Why create reliance on more databases? The RIRs are iffy. We rely on DNS
>right now. Why not keep relying on it? This solution doesn't solve all of
>our problems, but it does help, it's easy, and people will implement it.

Who populates the DNS (well, the .arpa domain)?  The RIRs do.

>Ok, please start flaming now :)

Brave to make such a request on a Monday afternoon.
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

If you knew what I was thinking, you'd understand what I was saying.
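
Added example, not part of the original message and not code from either poster: a sketch of the origin check proposed in the quoted text, showing why a lookup that was not DNSSEC-validated cannot confirm an origin AS. The "origin-as=" TXT format, the function names and the "ad" field are assumptions made for illustration; the answers are constructed sample data, so nothing is queried.

```python
import ipaddress

# Hypothetical record format (assumption): TXT "origin-as=<ASN>" at the
# reverse-tree name covering the prefix. No standard defines this.
TXT_PREFIX = "origin-as="

def reverse_name(prefix):
    """in-addr.arpa owner name for an IPv4 prefix on an octet boundary."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("example handles only /8, /16 and /24 IPv4 prefixes")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def check_origin(prefix, announced_asn, answers):
    """Classify an announcement against constructed DNS answers.

    answers maps owner name -> {"txt": [...], "ad": bool}; "ad" stands for a
    response that a validating resolver marked as DNSSEC-authenticated.
    """
    answer = answers.get(reverse_name(prefix))
    if answer is None:
        return "no-record"
    asns = {int(t[len(TXT_PREFIX):]) for t in answer["txt"]
            if t.startswith(TXT_PREFIX) and t[len(TXT_PREFIX):].isdigit()}
    if not asns:
        return "no-record"
    if not answer["ad"]:
        # Unsigned data may be spoofed in transit or come from substituted
        # name servers, so even a matching ASN confirms nothing.
        return "unverifiable"
    return "valid" if announced_asn in asns else "invalid"

# Constructed sample data: documentation prefixes (RFC 5737) and ASNs (RFC 5398).
SAMPLE_ANSWERS = {
    "2.0.192.in-addr.arpa.": {"txt": ["origin-as=64496"], "ad": True},
    "100.51.198.in-addr.arpa.": {"txt": ["origin-as=64497"], "ad": False},
}

if __name__ == "__main__":
    for prefix, asn in [("192.0.2.0/24", 64496), ("192.0.2.0/24", 64511),
                        ("198.51.100.0/24", 64497), ("203.0.113.0/24", 64498)]:
        print(prefix, asn, check_origin(prefix, asn, SAMPLE_ANSWERS))
```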
