On Oct 26, 2012, at 6:04 PM, Shane Kerr wrote: > Yeah, that's not the infrastructure we care about, since that is not spoofing > source addresses on the public Internet.
The point is that the network infrastructure vendors will not invest a lot of time and resources, at least not given the current state of affairs, in trying to tie their network infrastructure gear into any kind of delegation certification PKI infrastructure, as most of the gear they sell isn't connected to the Internet and hasn't any way to connect to the putative delegation PKI system. Another point is that, given the various controversies in the 'classic' DNS space with regards to various domain takedowns for reasons other than straightforward abuse, the benefits of such a system vs. its potential susceptibility to legislative and regulatory incursions isn't a settled issue (the same concerns apply in the routing space, as well as with regards to DNSSEC). ----------------------------------------------------------------------- Roland Dobbins <[email protected]> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
