rpki vs. secure dns?

Nick Hilliard nick at foobar.org
Sun Apr 29 15:08:20 CDT 2012


On 29/04/2012 16:16, Alex Band wrote:
> All in all, for an RPKI-specific court order to be effective in taking a
> network offline, the RIR would have to tamper with the registry, inject
> false data and try to make sure it's not detected so nobody applies a
> local override.

You mean, like an FBI domain seizure on the basis of a US court order?

Realistically, it doesn't matter a whole lot if the occasional network here
or there applies a local override.  If their upstream transit provider
isn't carrying the prefix (on the basis of similar simultaneous court
orders), it's game over for that prefix.

Nick



More information about the NANOG mailing list