On 2011-01-24, at 20:59, Danny McPherson wrote:

> On Jan 24, 2011, at 8:48 PM, Randy Bush wrote:
>
>>> And now that DNSSEC is deployed
>>
>> and you are not sharing what you are smoking
>
> root and .arpa are signed, well on the way, particularly relative
> to RPKI.
>
> Incremental cost of signing in-addr.arpa using a deployed DNS
> system as opposed to continuing development, deployment and
> operationalizing and dealing with all the political issues with
> deploying a new RPKI system -- hrmm.

IN-ADDR.ARPA will be signed relatively soon, as part of the work described here:

http://in-addr-transition.icann.org/

Timeline to follow, here and other similar lists, some time relatively soon.

But I'm curious about your thoughts on the case I mentioned in my last message. I don't think the existence of a secure delegation chain from the root down to operator of the last sub-allocated address block is all that is required, here.

Joe