Re: Autonomous System Sanity Protocol

Bill Manning <bmanning@isi.edu> Sun, 27 April 1997 03:26 UTC

From: Bill Manning <bmanning@isi.edu>
Message-Id: <199704270305.AA01853@zephyr.isi.edu>
Subject: Re: Autonomous System Sanity Protocol
To: Tony Li <tli@jnx.com>
Date: Sat, 26 Apr 1997 20:05:44 -0700
Cc: RADIA_PERLMAN@novell.com, big-internet@munnari.oz.au
In-Reply-To: <82u3kt6xit.fsf@chimp.jnx.com> from "Tony Li" at Apr 26, 97 06:54:18 pm

> 
> However, if we assume that the basic protocol machinery is correct and are
> out to protect us against ourselves, the delegation problem is the correct
> one to solve.  Note that any practical solution probably requires some type
> of key management solution already deployed.  One then needs to be able to
> see a hierarchy of signed and trusted address space delegations.
> 
> Tony


Humm, perhaps a first, rough cut might be turning on DNS Security for the
inverse delegations all the way down.  That way you could get a "chain of
custody" for the authoritative delegations.  You could also discriminate
proxy aggregations... :)


--bill
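
Added example, not part of the original message: a sketch of the "chain of custody" idea for the inverse (in-addr.arpa) delegations of one prefix. It assumes DS-style SHA-256 digest links (RFC 4034 / RFC 4509), a mechanism the message does not name, treats in-addr.arpa. as the trust anchor, and uses constructed key bytes; RRSIG signature validation is left out.

```python
import hashlib
import ipaddress
import struct

def reverse_zone_chain(prefix):
    """Zone cuts from in-addr.arpa. down to the octet-aligned zone for an IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ["in-addr.arpa."] + [
        ".".join(reversed(octets[:i])) + ".in-addr.arpa."
        for i in range(1, len(octets) + 1)
    ]

def wire_name(name):
    """Canonical (lower-case) DNS wire format of an absolute name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: flags (16 bit), protocol, algorithm, then the key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name (wire form) | DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def verify_chain(chain, keys, ds_at_parent):
    """Return the first zone whose key does not match the DS held by its parent, else None."""
    for child in chain[1:]:  # chain[0] is the assumed trust anchor
        rdata = keys.get(child)
        if rdata is None or ds_at_parent.get(child) != ds_digest(child, rdata):
            return child
    return None

def sample():
    """Constructed data: 192.0.2.0/24 (documentation prefix) with made-up keys."""
    chain = reverse_zone_chain("192.0.2.0/24")
    keys = {z: dnskey_rdata(257, 3, 13, hashlib.sha256(z.encode()).digest() * 2)
            for z in chain[1:]}
    ds = {z: ds_digest(z, k) for z, k in keys.items()}
    return chain, keys, ds

if __name__ == "__main__":
    chain, keys, ds = sample()
    print(" -> ".join(chain))
    print("broken link:", verify_chain(chain, keys, ds))
```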