On Aug 14, 2008, at 10:59 PM, David Conrad wrote:
Yep. IANA does indeed have a limited operational role in the DNS
(in that currently IANA directly operates .int, ip6.arpa, urn.arpa,
uri.arpa, and iris.arpa) and no direct operational role in routing.
Of course, the statement was about the authority and delegation
model, not about operational roles.
...
Not sure it is 'the most fundamental change', but it is indeed a
significant change. That's sort of the point: RPKI is designed to
allow for validation which isn't possible now.
...
Indeed. And if RPKI is deployed in a way that is useful for
validation of routing announcements in real time, this will
obviously change, regardless of whether there is a single root for
the address space or multiple roots. However, it seems to me that
the decision as to whether there is a single root or multiple roots
is deeply rooted (pun intended) in layer 9.
But perhaps that's just me.
OK, so we were talking past one another. I agree with everything
you said above, and simply meant to highlight the fact that RPKI
validation will change things (quite necessarily, IMO), and folks
need to be paying attention to this.
-danny