rpki vs. secure dns?

Danny McPherson danny at tcb.net
Mon Apr 30 09:53:05 CDT 2012


On Apr 28, 2012, at 6:34 AM, Alex Band wrote:

>  All in all, RPKI has really good traction and with native router support in Cisco, Juniper and Quagga, this is only getting better. 

We should be more careful with statements such as this, they're conflating important things that add to the confusion in this area.

None of these implementations support "RPKI" today.  What they support is a new protocol for onboarding routing policy data (some call this a [VRP],  essentially prefix,origin bindings) into soft state in a router.

-danny

[VRP] https://ripe64.ripe.net/presentations/74-120417.sidr-origin.pdf



More information about the NANOG mailing list