On Fri, Oct 1, 2010 at 11:12 AM, Jeroen Massar <jer...@unfix.org> wrote: > On 2010-10-01 17:04, Christopher Morrow wrote: > [..] >> I think so far the models proposed in SIDR-wg include: >> o more than one cert tree (trust anchor) > > Why not in a similar vain as RBLs: white and black lists. >
I'm sure someone will think it's a fine plan to set up a TA and sign down ROA's that indicate 'badness' or 'invalid' or something similar. There's nothing stopping that, similarly today you COULD subscribe to a BGP feed of subnets of actually seen routes rewriting the next-hop to dsc0/Null0/honeypot... I don't think this sort of thing is in the SIDR-wg's charter though... much like RBL's are not in DNS-EXT's charter? -chris