nanog mailing list archives

Re: [arin-announce] ARIN Resource Certification Update


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Mon, 24 Jan 2011 22:31:30 -0500

On Mon, Jan 24, 2011 at 9:02 PM, Joe Abley <jabley () hopcount ca> wrote:

On 2011-01-24, at 20:24, Danny McPherson wrote:

<separate subject>
Beginning to wonder why, with work like DANE and certificates in DNS
in the IETF, we need an RPKI and new hierarchical shared dependency
system at all and can't just place ROAs in in-addr.arpa zone files that are
DNSSEC-enabled.
<snip>
But what about this case?

 RIR allocates 10.0.0.0/8 to A
 A allocates 10.0.0.0/16 to B
 B allocates 10.0.0.0/24 to C

In this case the DNS delegations go directly from RIR to C; there's no opportunity for A or B to sign intermediate zones, and hence no opportunity for them to indicate the legitimacy of the allocation.

it's not the best example, but I know that at UUNET there were plenty
of examples of the in-addr tree not really following the BGP path.

-chris

