%
%
% Bill Manning <[EMAIL PROTECTED]> writes:
% > THe last time it was seriously raised was at the Joint IETF/ISOC mtg in
% > Montreal. The failure modes are pretty spectactular, at least until
% > DNSsec is deployed and applications can verify the accuracy of the data
% > received from a root server.
%
% You can probably manage to forge data in a significant way right now
% -- I'm not sure host routes in the DFZ would make that substantially
% worse. It is also possible to use standard policy mechanisms to note
% attempts to hijack one of the routes...
%
% .pm
%
Two considerations:
1) gettting general consensus by Operators to add this varience
to their SOP on which things get intot their routing tables
(VERY HARD)
2) Forged route announcements... folks pay more attention to
a forged entry for 18.0.0.0/8 than 192.168.10.10/32... although
this "feature" is a key component of the Otha-san/Hardie
"anycast" root server (drafts).
I'd really want to have some method to authenticate the chain
and have an imbedded x509 CERT ... if we go to host routes.
(mind, I think its a good idea :)
--bill
---------------------------------------------------------------------
The IPv6 Users Mailing List
Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
