Re: Autonomous System Sanity Protocol

Jeremy Porter <jerry@fc.net> Sun, 27 April 1997 05:29 UTC

Message-Id: <199704270501.AAA03232@freeside.fc.net>
To: Bill Manning <bmanning@isi.edu>
Cc: Tony Li <tli@jnx.com>, RADIA_PERLMAN@novell.com, big-internet@munnari.oz.au
Subject: Re: Autonomous System Sanity Protocol
In-Reply-To: Your message of "Sat, 26 Apr 1997 20:05:44 PDT." <199704270305.AA01853@zephyr.isi.edu>
Date: Sun, 27 Apr 1997 00:01:19 -0500
From: Jeremy Porter <jerry@fc.net>
Precedence: bulk

In message <199704270305.AA01853@zephyr.isi.edu>, Bill Manning writes:
>> 
>> However, if we assume that the basic protocol machinery is correct and are
>> out to protect us against ourselves, the delegation problem is the correct
>> one to solve.  Note that any practical solution probably requires some type
>> of key management solution already deployed.  One then needs to be able to
>> see a hierarchy of signed and trusted address space delegations.
>> 
>> Tony
>
>
>Humm, perhaps a first, rough cut might be turning on DNS Security for the
>inverse delegations all the way down.  That way you could get a "chain of
>custody" for the authoritative delegations.  You could also discriminate
>proxy aggregations... :)
>--bill

I'm not sure if/what you're joking about, but I sure wouldn't trust
inverse delegations to be correct, with companies out on the net
deleting delegations in excess of their real authority.  Of course
if you did this at least you wouldn't have to worry about routing
addresses where the in-addr.arpa's weren't correctly delegated...

The question with regard to trusted agencies is a real problem,
and apparently one of the ones that still hasn't been solved.


---
Jeremy Porter, Freeside Communications, Inc.      jerry@fc.net
PO BOX 80315 Austin, Tx 78708  |  1-800-968-8750  |  512-458-9810
http://www.fc.net