Re: Autonomous System Sanity Protocol

"Donald E. Eastlake 3rd" <dee@cybercash.com> Mon, 28 April 1997 06:14 UTC

Date: Mon, 28 Apr 1997 01:54:55 -0400 (EDT)
Sender: ietf-request@ietf.org
From: "Donald E. Eastlake 3rd" <dee@cybercash.com>
To: Jeff Young <young@mci.net>
Cc: roque@cisco.com, big-internet@munnari.oz.au, ietf@CNRI.Reston.VA.US
Subject: Re: Autonomous System Sanity Protocol
In-Reply-To: <199704271400.KAA28676@postoffice.Reston.mci.net>
Message-Id: <Pine.SUN.3.91.970428014945.24064F-100000@cybercash.com>

See RFC 2065.  DNSSEC provides a way to securely distribute keys 
associated with domain names.  By populating the in-addr.arpa tree with 
keys and securing the DNS tree above that point, you could provide for 
authoritative messages signed by an IP address as to what local 
connectivity it sees.

Donald

(Alternatively you could distribute the key and server list for the 
in-addr.arpa (and ip6.int or whatever it is) nodes and not have to secure 
the tree above that point.  And I'm sure there are complications 
associated with classless in-addr delegation...but these are probably 
surmountable.)

 On Sun, 27 Apr 1997, Jeff Young wrote:

> Date: Sun, 27 Apr 1997 10:00:02 -0400
> From: Jeff Young <young@mci.net>
> To: Noel Chiappa <jnc@ginger.lcs.mit.edu>
> Cc: roque@cisco.com, big-internet@munnari.oz.au, ietf@CNRI.Reston.VA.US
> Subject: Re: Autonomous System Sanity Protocol 
> 
> so in addition to the registries that hold the routing information
> we need some kind of key repository for the exchange of information.
> then there's the new or improved protocol to handle passing and 
> authenticating the information.  
> 
> that'd protect us from a lot (an even bigger previous - 192/8 - fiasco
> comes to mind).  sounds like the use of registries is still a good start.
> 
> Jeff Young
> young@mci.net

=====================================================================
Donald E. Eastlake 3rd     +1 508-287-4877(tel)     dee@cybercash.com
   318 Acton Street        +1 508-371-7148(fax)     dee@world.std.com
Carlisle, MA 01741 USA     +1 703-620-4200(main office, Reston, VA)
http://www.cybercash.com           http://www.eff.org/blueribbon.html
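
The two trust models contrasted in the message above (securing the DNS tree from the root down to the address, versus distributing the in-addr.arpa key directly), shown as an added example that is not part of the original message. The zone cuts, the 192.0.2.0/24 documentation prefix and the CNAME-style classless delegation label `0/26` are constructed assumptions, as are the function names.

```python
import ipaddress

# Constructed zone cuts for the documentation prefix 192.0.2.0/24 (assumption;
# real delegations differ). Each zone's key is vouched for by its parent zone.
ZONE_CUTS = {".", "arpa.", "in-addr.arpa.", "192.in-addr.arpa.",
             "2.0.192.in-addr.arpa.", "0/26.2.0.192.in-addr.arpa."}
# Constructed classless delegation: the /24 zone hands 192.0.2.0/26 to a child
# zone by publishing CNAMEs that point into "0/26.<parent>".
CLASSLESS = {"2.0.192.in-addr.arpa.": [ipaddress.ip_network("192.0.2.0/26")]}


def owner_name(ip):
    """Reverse-tree name at which a key for this IPv4 address would be published."""
    addr = ipaddress.IPv4Address(ip)
    host, parent = (addr.reverse_pointer + ".").split(".", 1)
    for net in CLASSLESS.get(parent, []):
        if addr in net:
            # Classless case: the name moves into the child zone's subtree.
            first = str(net.network_address).rsplit(".", 1)[1]
            return f"{host}.{first}/{net.prefixlen}.{parent}"
    return f"{host}.{parent}"


def zones_to_validate(ip, trust_anchor="."):
    """Zones whose keys a verifier must chain through, from the anchor down."""
    labels = owner_name(ip).rstrip(".").split(".")
    ancestors = ["."] + [".".join(labels[i:]) + "."
                         for i in range(len(labels) - 1, 0, -1)]
    chain = [z for z in ancestors if z in ZONE_CUTS]
    if trust_anchor not in chain:
        raise ValueError(f"{trust_anchor} is not above {owner_name(ip)}")
    return chain[chain.index(trust_anchor):]


if __name__ == "__main__":
    for ip in ("192.0.2.52", "192.0.2.200"):
        print(owner_name(ip))
        print("  secured from root:", zones_to_validate(ip))
        print("  in-addr.arpa key distributed:",
              zones_to_validate(ip, "in-addr.arpa."))
```

With the in-addr.arpa key as the trust anchor, the root and arpa zones drop out of the chain, while a classless delegation adds one more zone that has to be signed.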