rpki vs. secure dns?

• Previous message (by thread): rpki vs. secure dns?
• Next message (by thread): rpki vs. secure dns?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On May 29, 2012, at 4:02 AM, paul vixie wrote:
>>> i can tell more than that. rover is a system that only works at all
>>> when everything everywhere is working well, and when changes always
>>> come in perfect time-order,
>> Exactly like DNSSEC. 
> 
> no. dnssec for a response only needs that response's delegation and
> signing path to work, not "everything everywhere".

My impression was that ROVER does not need "everything, everywhere" to work to fetch the routing information for a particular prefix -- it merely needs sufficient routing information to follow the delegation and signing path for the prefix it is looking up. However, I'll admit I haven't looked into this in any particular depth so I'm probably wrong.

Regards,
-drc

• Previous message (by thread): rpki vs. secure dns?
• Next message (by thread): rpki vs. secure dns?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]