rpki vs. secure dns?

Dmitry Burkov dburk at burkov.aha.ru
Mon Apr 30 10:16:10 CDT 2012


Danny, 
just one more comment.

So named vendor's support can be the worst case when there are no practical ways to deploy and it is  absolutely
not clear - should we follow this hierarchical model - I think it is  the key point as we pushed ourselves by inertia to this way of thinking.


Imho - it is way to nowhere in such form

We need more flexible, distributed architecture behind - no matter - which interests will be lobbied as we have got already.



On Apr 30, 2012, at 6:53 PM, Danny McPherson wrote:

> 
> On Apr 28, 2012, at 6:34 AM, Alex Band wrote:
> 
>> All in all, RPKI has really good traction and with native router support in Cisco, Juniper and Quagga, this is only getting better. 
> 
> We should be more careful with statements such as this, they're conflating important things that add to the confusion in this area.
> 
> None of these implementations support "RPKI" today.  What they support is a new protocol for onboarding routing policy data (some call this a [VRP],  essentially prefix,origin bindings) into soft state in a router.
> 
> -danny
> 
> [VRP] https://ripe64.ripe.net/presentations/74-120417.sidr-origin.pdf
> 




More information about the NANOG mailing list