DataPacRat,
... I think I see a differing assumption between DANE and RPKI, and the model I'm using. Both of those security systems seem to be aimed at provably linking a domain name with a particular server, so that when you go to 'gmail.com' you're not secretly being redirected to some other server which decrypts your private email. But if no domain name is involved, neither of those systems applies.
This is not true of the RPKI. The RPKI was developed to support routing security, not binding public keys to DNS names.
Steve _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
