Re: BGP to doom us all

From: Vadim Antonov (no email)
Date: Sat Mar 01 2003 - 01:49:02 EST

• Next message: Paul Ferguson: "RE: BGP to doom us all"
• Previous message: (no name): "Re: anti-spam vs network abuse"
• Maybe in reply to: Avi Freedman: "Re: BGP to doom us all"
• Next in thread: (no name): "Re: BGP to doom us all"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thank you very much, but no.

DNS (and DNSSEC) relies on working IP transport for its operation.

Now you effectively propose to make routing (and so operation of IP
transport) dependent on DNS(SEC).

Am I the only one who sees the problem?

--vadim

PS. The only sane method for routing info validation I've seen so far is
    the plain old public-key crypto signatures.

On 1 Mar 2003, Paul Vixie wrote:
>
> > It wouldn't be too hard for me to trust:
> >
> > 4969.24.origin.0.254.200.10.in-addr.arpa returning something like "true."
> > to check whether 4969 is allowed to originaate 10.200.254.0/24. ...
>
> at last, an application for dnssec!

• Next message: Paul Ferguson: "RE: BGP to doom us all"
• Previous message: (no name): "Re: anti-spam vs network abuse"
• Maybe in reply to: Avi Freedman: "Re: BGP to doom us all"
• Next in thread: (no name): "Re: BGP to doom us all"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]