rpki vs. secure dns?

Rubens Kuhl rubensk at gmail.com
Sat Apr 28 14:21:34 CDT 2012


> In case you feel a BGP announcement should not be "RPKI Invalid" but something else, you do what's described on slide 15-17:
>
> https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf

The same currently happens with DNSSEC, doing what Comcast calls
"negative trust anchors":
http://tools.ietf.org/html/draft-livingood-negative-trust-anchors-01




Rubens



More information about the NANOG mailing list