[arin-announce] ARIN Resource Certification Update

Danny McPherson danny at tcb.net
Mon Jan 24 19:59:35 CST 2011


On Jan 24, 2011, at 8:48 PM, Randy Bush wrote:

>> And now that DNSSEC is deployed
> 
> and you are not sharing what you are smoking

root and .arpa are signed, well on the way, particularly relative 
to RPKI.

Incremental cost of signing in-addr.arpa using a deployed DNS 
system as opposed to continuing development, deployment and 
operationalizing and dealing with all the political issues with 
deploying a new RPKI system -- hrmm.

And again, I'm not opposed to RPKI and know we REQUIRE 
number resource certification before we can secure the routing 
system.  I just don't like the notion of deploying a brand new 
system with data that at the end of the day is going to look an 
awful lot like the existing in-addr.arpa delegation system that's 
deployed, and introduce new hierarchical shared dependencies 
that don't exist today.  Keep it simple?

-danny 




More information about the NANOG mailing list