Hi Daniele, Speaking for L-root.
We have made the decision to be conservative in adopting new protocols so that when we do adopt a new technology it is done with full awareness of the implications to the global internet for an important service like root zone resolution. That measured and conservative approach is expected of L-root, and I certainly intend to live up to that. At this point in time, my assessment of RPKI is such that much work is still to be done before I feel I can judge it as complete and robust. for example: - the position on validation is in flux - an entirely new mechanism for object retrieval from publication points is being developed - there remains no strong mechanism for key roll (like rfc5011) - the IAB's single trust anchor is yet to materialise - resiliency in the RPKI systems is yet to be proven (at least to me) - legal teams are still vacillating on the implications of RPKI use I do appreciate your enthusiasm, and I encourage you to keep your page active. I also encourage you to share all of your experiences of RPKI (good/bad/otherwise) here so that this working group can collectively review the ongoing deployment. Cheers Terry On 13/11/2014 11:10 am, "Daniele Iamartino" <[email protected]> wrote: >Hello, > >Since DNS root servers are a critical service, I've been checking if >their prefixes could be origin-validated on BGP using RPKI. >It would be good if we could secure them. > >So I've built this website monitoring the status of DNS root servers >prefixes once a day: http://rpki.me/dns.html > >(So far I'm using LINX route-views monitor and RIR's RPKI repo + CA0 repo) > >RIPE NCC already told me that they will secure the v4 address of K-root >very soon. > >I also wrote to several other root server operators, but I'm still >waiting an answer. > > >Some prefixes are in v4 legacy address space (not administered by ARIN: >with RegDate < 22 Dec 1997). I suppose that this might be a problem in >order to obtain certificates covering them from ARIN. > > >Regards > >-- >Daniele Iamartino >Computer engineering student at Politecnico di Milano, Italy > >_______________________________________________ >sidr mailing list >[email protected] >https://www.ietf.org/mailman/listinfo/sidr
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
