rpki vs. secure dns?
Nick Hilliard
nick at foobar.org
Sun Apr 29 20:08:20 UTC 2012
On 29/04/2012 16:16, Alex Band wrote:
> All in all, for an RPKI-specific court order to be effective in taking a
> network offline, the RIR would have to tamper with the registry, inject
> false data and try to make sure it's not detected so nobody applies a
> local override.
You mean, like an FBI domain seizure on the basis of a US court order?
Realistically, it doesn't matter a whole lot if the occasional network here
or there applies a local override. If their upstream transit provider
isn't carrying the prefix (on the basis of similar simultaneous court
orders), it's game over for that prefix.
Nick
More information about the NANOG
mailing list