rpki vs. secure dns?
nick at foobar.org
Sun Apr 29 15:08:20 CDT 2012
On 29/04/2012 16:16, Alex Band wrote:
> All in all, for an RPKI-specific court order to be effective in taking a
> network offline, the RIR would have to tamper with the registry, inject
> false data and try to make sure it's not detected so nobody applies a
> local override.
You mean, like an FBI domain seizure on the basis of a US court order?
Realistically, it doesn't matter a whole lot if the occasional network here
or there applies a local override. If their upstream transit provider
isn't carrying the prefix (on the basis of similar simultaneous court
orders), it's game over for that prefix.
More information about the NANOG