On Mon, Jan 24, 2011 at 9:16 PM, Danny McPherson <da...@tcb.net> wrote: > > On Jan 24, 2011, at 9:02 PM, Joe Abley wrote: >> >> In this case the DNS delegations go directly from RIR to C; there's no >> opportunity for A or B to sign intermediate zones, and hence no opportunity >> for them to indicate the legitimacy of the allocation. >> >> As a thought experiment, how would you see this working? > > New prefix-based RRs? And perhaps even a new .arpa or > in-addr.arpa subdomain, the draft Randy referenced even > discussed the latter, IIRC. > > -danny
The more you have to invent, though, the more this sounds like a bike-shed discussion. s/DNSSEC/X.509/g s/delegating reverse "prefix" zone/signing RPKI delegation certificate/g
