work by itself does not need to be done in the router.
Maybe some of you could take a look and comment.
Look for the drafts at http://www.ietf.org/html.charters/sidr-charter.html
--Sandy
reports that DHS was planning to hold keys to sign
the DNS space. Nothing to do with addresses (domain names, IP addresses,
different
things).
And I hear the reports are, well...
--Sandy
/slides/conf/wednesday/Address%20Space%20PKI%20(APRICOT).pdf
Work ongoing in the IETF SIDR working group:
http://www.ietf.org/html.charters/sidr-charter.html
--Sandy Murphy
do both, but you need to keep both
views in mind.)
--Sandy
that or suggest operational practices to get around it.
--Sandy
?
Etc.
--Sandy
, not rfcs. I don't think
there have been any rfcs (would there were - we'd be in a different
situation), and rfcs don't expire.
--Sandy
be argued that the fundamental vulnerabilites in the way
routing info is communicated would be better fixed in the protocol.
--Sandy
is fine.
The hard part comes in deciding how to test the UPDATE message to
detect false/malicious information. There's lots of debate about
that.
--Sandy
and conclusions of the witness.)
--Sandy
associated with any
future address space allocations/assignments? I imagine that would
please the legacy space holders.
Do you know that this would be the case? I'm not a registry
canon law expert myself.
--Sandy
Do you suppose that if a Microsoft salesman had given me a free copy
of Windows back in 1990, I would have a right to use any version of
Windows for free forever?
I don't think this analogy exactly fits. I'm pretty sure that the legacy
space holders think of this as: a Microsoft salesman had
with ISPs
that own more than one AS #. (make authr_origin_AS_# a list?)]
--Sandy
who really should be baking
is allocated prefix P,
does the web-of-trust ISP identify certificate have to say exactly
ISP XYZ? Is that exact match the link between what the RIR-rooted
cert is proving and what the web-of-trust identify cert is proving?
--Sandy
diligent in checking
what they are propagating, you the diligent one can stop the problems.
--Sandy
in a tree,
not a mesh. (But the web of trust might be useful for those current
special cases that don't devolve from the existing registries, aka
legacy space, until that situation can be fixed.)
--Sandy
verify the data signed with that cert (signed with the private
key associated with the public key in the cert, to be explicit).
--Sandy
... But there doesn't seem to
be anything that helps Bell heads understand what switching, routing
or signaling means on the Internet. There are a lot of words which are
spelled alike, but mean very different things in the Bell world and the
Internet world.
I've been thinking of it
Andy Johnson wrote:
Let me clarify, then.
If the offending ISP does not respond, and you have exhausted all avenues
available to you to get the ISP to get its customer to stop spamming -
whether by TOS'ing the customer, education or whatever -
... and you've waited a reasonable time
19 matches
Mail list logo