What I think's interesting is that route filters are still the go to for BGP authentication.
Nobody steals DNS to the degree of BGP, because DNS has solid PKI authentication. If RPKI only had the same chain of trust for in-addr.arpa as the rest of DNS does back to iana. Kind regards Paul Wilkins On Tue, 13 Nov 2018 at 17:01, Dobbins, Roland <[email protected]> wrote: > On 13 Nov 2018, at 11:53, Binh Lam wrote: > > > just to whom who provided critical infrastructures (ie, email, DNS > > hosting, cloud providers, > > online banking sites subnets, high profile sensitive online sites , > > etc..) > > This is both untenable and undesirable. Nor is Internet nor 'critical > infrastructure' composed solely of /24s. > > There are a couple of decades' worth of discussion of the topic of > disaggregation; strongly suggest perusing it. > > -------------------------------------------- > Roland Dobbins <[email protected]> > _______________________________________________ > AusNOG mailing list > [email protected] > http://lists.ausnog.net/mailman/listinfo/ausnog >
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
