rpki vs. secure dns?
alexb at ripe.net
Sat Apr 28 13:14:27 CDT 2012
On 28 Apr 2012, at 19:45, Nick Hilliard wrote:
> On 28/04/2012 18:27, Phil Regnauld wrote:
>> To me that seems like the most obvious problem, but as Alex put it,
>> "Everyone has the ability to apply an override on data they do not trust,
>> or have a specific local policy for."
> So what do you suggest to do with a roa lookup which returns "Invalid"?
In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 15-17:
More information about the NANOG