rpki vs. secure dns?
Alex Band
alexb at ripe.net
Sat Apr 28 18:14:27 UTC 2012
On 28 Apr 2012, at 19:45, Nick Hilliard wrote:
> On 28/04/2012 18:27, Phil Regnauld wrote:
>> To me that seems like the most obvious problem, but as Alex put it,
>> "Everyone has the ability to apply an override on data they do not trust,
>> or have a specific local policy for."
>
> So what do you suggest to do with a roa lookup which returns "Invalid"?
In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 15-17:
https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf
-Alex
More information about the NANOG
mailing list