nanog mailing list archives
Re: Deciding whose network block is whose?
From: Geoff Huston <gih () telstra net>
Date: Wed, 07 Jan 1998 06:59:03 +1100
At 11:13 AM 1/6/98 -0800, Sean M. Doran wrote:
> Geoff Huston <gih () telstra net> writes:
>
> > I am looking to the regional registries to take some level of initiative and provide clients of their address allocation service the ability to sign the allocation and then the client can sign the routing request to the provider which the provider can verify against the regional registry. We went through this in discussion in the room at the time and it looked like a viable and useful approach.
>
> Yes, but this is only part of the problem. I mean, fantastic idea, but then it's not exactly transitive.
>
> How do I know I can trust that Telstra's announcements have been authorized by the people responsible for the prefixes in question? Worse, since I do not talk directly with Telstra, how do I know I can trust the intermediary networks not to have performed (or fallen victim to) AS path surgery?
>
> Moreover, other than prefix-length filtering, what can I do to prevent falling victim to subnet-announcement attacks? Note that a larger CIDR block can still fall victim to announcements of /19s in networks which use The Satanic Filters.
>
> Perhaps you have some idea other than mine (prayer) for scalably solving these and similar issues?

My point was that one direction of addressing Sean Donelan's original problem was to clearly identify the point in the network where the announcement is originated and clearly identify the legitimacy of each advertisement incrementally through the use of explicit signatures. It does not address explicitly the issue of routing policy at a distance, which you identify as a bloody big scaling problem - and I agree that it is!

g
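
The signature chain discussed in this message (registry signs the allocation, client signs the routing request, provider verifies both), as an added example that is not part of the thread. Lamport one-time signatures stand in for a real signature scheme, and the message fields, function names, prefixes and AS numbers are assumptions made for illustration.

```python
# Added example: Lamport one-time signatures (hashlib only) stand in for a
# real public-key scheme. All names, prefixes and AS numbers are constructed.
import hashlib, ipaddress, json, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def fingerprint(pk):
    return H(b"".join(h for pair in pk for h in pair)).hex()

def encode(obj):
    return json.dumps(obj, sort_keys=True).encode()

def issue_allocation(registry_sk, prefix, client_pk):
    # Registry binds the allocated block to the client's public key.
    body = {"prefix": prefix, "holder": fingerprint(client_pk)}
    return body, sign(registry_sk, encode(body))

def make_request(client_sk, prefix, origin_as):
    # Client asks its provider to originate a prefix from a given AS.
    body = {"prefix": prefix, "origin_as": origin_as}
    return body, sign(client_sk, encode(body))

def provider_accepts(registry_pk, alloc, alloc_sig, client_pk, req, req_sig):
    if not verify(registry_pk, encode(alloc), alloc_sig):
        return False  # allocation was not signed by the registry
    if alloc["holder"] != fingerprint(client_pk):
        return False  # requester's key is not the key the registry named
    if not verify(client_pk, encode(req), req_sig):
        return False  # request was altered or signed by someone else
    block = ipaddress.ip_network(alloc["prefix"])
    wanted = ipaddress.ip_network(req["prefix"])
    # Assumption: a request is valid only inside the allocated block.
    return wanted.version == block.version and wanted.subnet_of(block)
```

The check runs only at the provider that receives the request; it gives networks further along the path no way to validate the announcement, which is the transitivity gap raised in the quoted reply.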