..."my" Internet... snicker :)

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Mon Oct 3 09:42:21 CDT 2011


On Mon, Oct 03, 2011 at 10:30:47AM -0400, Todd Underwood wrote:
> > User Exercise:  What happens when you enable integrity checking in an
> > application (e.g., 'dnssec-validation auto') and datapath manipulation
> > persists?  Bonus points for analysis of implementation and deployment
> > behaviors and resulting systemic effects.
> >
> 
> i agree with danny here.
> 
> ignoring randy (and others) off-topic comments about hypocrisy, this
> situation is fundamentally a situation of bad (or different) network
> policy being applied outside of its scope.  i would prefer that china
> not censor the internet, sure.  but i really require that china not
> censor *my* internet when i'm not in china.
> 
> t

	well, not to disagree - BUT....  the sole reason we have
	BGP and use ASNs the way we do is to ensure/enforce local
	policy.  It is, after all, an AUTONOMOUS SYSTEM number.
	One sets policy at its boundaries on what/how to accept/reject/modify
	traffic crossing the boundary.

	If you don't -like- the ASN policy - then don't use/traverse that
	ASN. 

	and rPKI has the same problems as DNSSEC.  lack of uniform use/implementation
	is going to be a huge party - full of fun & games.

/bill


