[arin-announce] ARIN Resource Certification Update

Joe Abley jabley at hopcount.ca
Mon Jan 24 20:06:54 CST 2011

On 2011-01-24, at 20:59, Danny McPherson wrote:

> On Jan 24, 2011, at 8:48 PM, Randy Bush wrote:
>>> And now that DNSSEC is deployed
>> and you are not sharing what you are smoking
> root and .arpa are signed, well on the way, particularly relative 
> to RPKI.
> Incremental cost of signing in-addr.arpa using a deployed DNS 
> system as opposed to continuing development, deployment and 
> operationalizing and dealing with all the political issues with 
> deploying a new RPKI system -- hrmm.

IN-ADDR.ARPA will be signed relatively soon, as part of the work described here:


Timeline to follow, here and other similar lists, some time relatively soon. But I'm curious about your thoughts on the case I mentioned in my last message. I don't think the existence of a secure delegation chain from the root down to operator of the last sub-allocated address block is all that is required, here.


More information about the NANOG mailing list