[arin-announce] ARIN Resource Certification Update
jabley at hopcount.ca
Mon Jan 24 20:06:54 CST 2011
On 2011-01-24, at 20:59, Danny McPherson wrote:
> On Jan 24, 2011, at 8:48 PM, Randy Bush wrote:
>>> And now that DNSSEC is deployed
>> and you are not sharing what you are smoking
> root and .arpa are signed, well on the way, particularly relative
> to RPKI.
> Incremental cost of signing in-addr.arpa using a deployed DNS
> system as opposed to continuing development, deployment and
> operationalizing and dealing with all the political issues with
> deploying a new RPKI system -- hrmm.
IN-ADDR.ARPA will be signed relatively soon, as part of the work described here:
Timeline to follow, here and other similar lists, some time relatively soon. But I'm curious about your thoughts on the case I mentioned in my last message. I don't think the existence of a secure delegation chain from the root down to operator of the last sub-allocated address block is all that is required, here.
More information about the NANOG