..."my" Internet... snicker :)
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Mon Oct 3 14:42:21 UTC 2011
On Mon, Oct 03, 2011 at 10:30:47AM -0400, Todd Underwood wrote:
> > User Exercise: What happens when you enable integrity checking in an
> > application (e.g., 'dnssec-validation auto') and datapath manipulation
> > persists? Bonus points for analysis of implementation and deployment
> > behaviors and resulting systemic effects.
> >
>
> i agree with danny here.
>
> ignoring randy (and others) off-topic comments about hypocrisy, this
> situation is fundamentally a situation of bad (or different) network
> policy being applied outside of its scope. i would prefer that china
> not censor the internet, sure. but i really require that china not
> censor *my* internet when i'm not in china.
>
> t
well, not to disagree - BUT.... the sole reason we have
BGP and use ASNs the way we do is to ensure/enforce local
policy. It is, after all, an AUTONOMOUS SYSTEM number.
One sets policy at its boundaries on what/how to accept/reject/modify
traffic crossing the boundary.
If you dont -like- the ASN policy - then don't use/traverse that
ASN.
and rPKI has the same problems as DNSSEC. lack of uniform use/implementation
is going to be a huge party - full of fun & games.
/bill
More information about the NANOG
mailing list