Models of Trust for the RPKI

This is a report on a feasibility study looking at an alternative trust anchor structure for the Resource Public Key Infrastructure (RPKI). Background In the early days of the Internet in the 1980s, when the Internet address plan used the Class A, B and C address structure, it appears that…


Measurement and Analysis of Protocols at IETF 118

The IETF met in Prague in the first week of November 2023. I attended the meeting of the Measurement and Analysis of Protocols Research Group, and here are my impressions from that meeting. QUIC Topics QUIC is essentially a variant of TCP, but at the same time it also represents…


DNS at IETF 118

The IETF met in Prague in the first week of November 2023, and, as usual, there was a flurry of activity in the DNS-related Working Groups. Here’s a roundup of those DNS topics I found to be of interest at that meeting. Re-thinking the DNS Prior to IETF meetings there…


Call the Routing Police!

There was a somewhat unfortunate outage for a major communications service provider in Australia, Optus, in mid-November. It appears that one of their peer BGP networks mistakenly advertised a very large route collection to the Optus BGP network which caused the routers to malfunction in some manner. The problem was…


IPv6, the DNS and Happy Eyeballs

There was a draft that caught my attention during the DNSOPS Working Group session at the recent IETF 118 meeting on the topic of “DNS IPv6 Transport Operational Guidelines”. This draft proposes to update an earlier guideline document with some new guidelines. The original document, RFC3901, titled “DNS IPv6 Transport Guidelines”,…


How We Measure: DNSSEC Validation

At APNIC Labs we publish a number of measurements of the deployment of various technologies that are being adopted on the Internet. Here we will look at how we measure the adoption of DNSSEC validation. DNSSEC Security for the DNS has been a vexed topic for many years. The days…


Notes from NANOG 89: Trust and Network Infrastructure

Trust is such a difficult concept in any context, and certainly computer networks are no exception. How can you be assured that your network infrastructure is running on authentic platforms, both hardware and software, and its operation has not been compromised in any way? The combination of complex supply chains…


Notes from NANOG 89: BGP Error Handling

The original specification of the BGP routing protocol, RFC 1105, from 1989, has the following directive: “NOTIFICATION messages are sent when an error condition is detected. The BGP connection is closed shortly after sending the notification message.” Ahh, you might think, that might be a potential problem, but the directive…


Internet Governance in 2023

It’s been an interesting couple of weeks for me in mid-October 2023. I presented in a couple of panels at the 18th Internet Governance Forum meeting, held in Kyoto, Japan, and I also listened in to a couple of sessions in their packed agenda. The following week I followed the…